$NetBSD: patch-aw,v 1.1.1.1 2005/01/02 02:51:42 cube Exp $ --- pppd/pppd.8.orig 2004-11-13 13:22:49.000000000 +0100 +++ pppd/pppd.8 @@ -57,6 +57,24 @@ for the serial device. On systems such 4.4BSD and NetBSD, any speed can be specified. Other systems (e.g. Linux, SunOS) only support the commonly-used baud rates. .TP +.B active-filter-in \fIfilter-expression +.TP +.B active-filter-out \fIfilter-expression +Specifies an incoming and outgoing packet filter to be applied to data +packets to determine which packets are to be regarded as link activity, +and therefore reset the idle timer, or cause the link to be brought up +in demand-dialing mode. This option is useful in conjunction with the +\fBidle\fR option if there are packets being sent or received +regularly over the link (for example, routing information packets) +which would otherwise prevent the link from ever appearing to be idle. +The \fIfilter-expression\fR syntax is as described for tcpdump(8), +except that qualifiers which are inappropriate for a PPP link, such as +\fBether\fR and \fBarp\fR, are not permitted. Generally the filter +expression should be enclosed in single-quotes to prevent whitespace +in the expression from being interpreted by the shell. This option +is currently only available under NetBSD, and then only +if both the kernel and pppd were compiled with PPP_FILTER defined. +.TP .B asyncmap \fImap This option sets the Async-Control-Character-Map (ACCM) for this end of the link. The ACCM is a set of 32 bits, one for each of the @@ -167,7 +185,7 @@ Note that for the IPv6 protocol, the MRU Set the MTU [Maximum Transmit Unit] value to \fIn\fR. Unless the peer requests a smaller value via MRU negotiation, pppd will request that the kernel networking code send data packets of no more -than \fIn\fR bytes through the PPP network interface. Note that for +than \fIn\fR bytes through the PPP network interface. Note that for the IPv6 protocol, the MTU must be at least 1280. .TP .B passive @@ -177,11 +195,11 @@ peer, pppd will then just wait passively the peer, instead of exiting, as it would without this option. .SH OPTIONS .TP -.I \fB:\fI +.I \*[Lt]local_IP_address\*[Gt]\fB:\fI\*[Lt]remote_IP_address\*[Gt] Set the local and/or remote interface IP addresses. Either one may be omitted. The IP addresses can be specified with a host name or in decimal dot notation (e.g. 150.234.56.78). The default local -address is the (first) IP address of the system (unless the +address is the (first) IP address of the hostname of the system (unless the \fInoipdefault\fR option is given). The remote address will be obtained from the peer if not specified in any option. Thus, in simple cases, this option is @@ -191,7 +209,7 @@ will not accept a different value from t negotiation, unless the \fIipcp\-accept\-local\fR and/or \fIipcp\-accept\-remote\fR options are given, respectively. .TP -.B ipv6 \fI\fR,\fI +.B ipv6 \fI\*[Lt]local_interface_identifier\*[Gt]\fR,\fI\*[Lt]remote_interface_identifier\*[Gt] Set the local and/or remote 64-bit interface identifier. Either one may be omitted. The identifier must be specified in standard ascii notation of IPv6 addresses (e.g. ::dead:beef). If the @@ -199,18 +217,18 @@ IPv6 addresses (e.g. ::dead:beef). If th option is given, the local identifier is the local IPv4 address (see above). On systems which supports a unique persistent id, such as EUI\-48 derived from the Ethernet MAC address, \fIipv6cp\-use\-persistent\fR option can be -used to replace the \fIipv6 ,\fR option. Otherwise the +used to replace the \fIipv6 \*[Lt]local\*[Gt],\*[Lt]remote\*[Gt]\fR option. Otherwise the identifier is randomized. .TP .B active\-filter \fIfilter\-expression Specifies a packet filter to be applied to data packets to determine which packets are to be regarded as link activity, and therefore reset -the idle timer, or cause the link to be brought up in demand-dialling +the idle timer, or cause the link to be brought up in demand-dialing mode. This option is useful in conjunction with the \fBidle\fR option if there are packets being sent or received regularly over the link (for example, routing information packets) which would otherwise prevent the link from ever appearing to be idle. -The \fIfilter\-expression\fR syntax is as described for tcpdump(1), +The \fIfilter\-expression\fR syntax is as described for tcpdump(8), except that qualifiers which are inappropriate for a PPP link, such as \fBether\fR and \fBarp\fR, are not permitted. Generally the filter expression should be enclosed in single-quotes to prevent whitespace @@ -243,6 +261,12 @@ Alternatively, a value of 0 for \fInr\fR compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP +.B callback \fIphone_number +Request a call-back to the \fIphone-number\fR. This only works if the peer +is speaking the Call Back Configuration Protocol. Don't put this into the +main options file if you sometimes connect to servers that don't support +it. +.TP .B cdtrcts Use a non-standard hardware flow control (i.e. DTR/CTS) to control the flow of data on the serial port. If neither the \fIcrtscts\fR, @@ -324,9 +348,9 @@ When this is completed, pppd will commen (i.e., IP packets) across the link. The \fIdemand\fR option implies the \fIpersist\fR option. If this -behaviour is not desired, use the \fInopersist\fR option after the +behavior is not desired, use the \fInopersist\fR option after the \fIdemand\fR option. The \fIidle\fR and \fIholdoff\fR -options are also useful in conjuction with the \fIdemand\fR option. +options are also useful in conjunction with the \fIdemand\fR option. .TP .B domain \fId Append the domain name \fId\fR to the local host name for authentication @@ -350,9 +374,9 @@ With the \fBdump\fR option, pppd will pr which have been set. This option is like the \fBdryrun\fR option except that pppd proceeds as normal rather than exiting. .TP -.B endpoint \fI +.B endpoint \fI\*[Lt]epdisc\*[Gt] Sets the endpoint discriminator sent by the local machine to the peer -during multilink negotiation to \fI\fR. The default is to use +during multilink negotiation to \fI\*[Lt]epdisc\*[Gt]\fR. The default is to use the MAC address of the first ethernet interface on the system, if any, otherwise the IPv4 address corresponding to the hostname, if any, provided it is not in the multicast or locally-assigned IP address @@ -403,8 +427,8 @@ Specifies that pppd should disconnect if seconds. The link is idle when no data packets (i.e. IP packets) are being sent or received. Note: it is not advisable to use this option with the \fIpersist\fR option without the \fIdemand\fR option. -If the \fBactive\-filter\fR -option is given, data packets which are rejected by the specified +If the \fBactive\-filter-in\fR and/or \fBactive-filter-out\fR +options are given, data packets which are rejected by the specified activity filter also count as the link being idle. .TP .B ipcp\-accept\-local @@ -436,6 +460,23 @@ Provides an extra parameter to the ip\-u option is given, the \fIstring\fR supplied is given as the 6th parameter to those scripts. .TP +.B +ipv6 +Enable IPv6CP negotiation and IPv6 communication. +It needs to be explicitly specified if you want IPv6CP. +.TP +.B -ipv6 +Disable IPv6CP negotiation and IPv6 communication. +.TP +.B ipv6cp-accept-local +With this option, pppd will accept the peer's idea of our local IPv6 +address, even if the local IPv6 address was specified in an option. +.TP +.B ipv6cp-use-ipaddr +Use the local IPv4 address as the local interface address. +.TP +.B ipv6cp-use-persistent +Use uniquely-available persistent value for link local address (Solaris 2 only). +.TP .B ipv6cp\-max\-configure \fIn Set the maximum number of IPv6CP configure-request transmissions to \fIn\fR (default 10). @@ -473,7 +514,7 @@ numbers on the ipx\-network must be uniq default. If this option is not specified then the node numbers are obtained from the peer. .TP -.B ipx\-router\-name \fI +.B ipx\-router\-name \fI\*[Lt]string\*[Gt] Set the name of the router. This is a string and is sent to the peer as information data. .TP @@ -512,7 +553,7 @@ Set the maximum number of IPXCP NAK fram send before it rejects the options. The default value is 3. .TP .B ipxcp\-max\-terminate \fIn -Set the maximum nuber of IPXCP terminate request frames before the +Set the maximum number of IPXCP terminate request frames before the local system considers that the peer is not listening to them. The default value is 3. .TP @@ -526,7 +567,7 @@ bits: 1 to enable general debug messages, 2 to request that the contents of received packets be printed, and 4 to request that the contents of transmitted packets be printed. On most systems, messages printed by -the kernel are logged by syslog(1) to a file as directed in the +the kernel are logged by syslogd(8) to a file as directed in the /etc/syslog.conf configuration file. .TP .B ktune @@ -615,7 +656,7 @@ option, pppd will wait for the CD (Carri modem to be asserted when opening the serial device (unless a connect script is specified), and it will drop the DTR (Data Terminal Ready) signal briefly when the connection is terminated and before executing -the connect script. On Ultrix, this option implies hardware flow +the connect script. On ULTRIX, this option implies hardware flow control, as for the \fIcrtscts\fR option. .TP .B mp @@ -639,7 +680,7 @@ analogous to the MRU for the individual currently only available under Linux, and only has any effect if multilink is enabled (see the multilink option). .TP -.B ms\-dns \fI +.B ms\-dns \fI\*[Lt]addr\*[Gt] If pppd is acting as a server for Microsoft Windows clients, this option allows pppd to supply one or two DNS (Domain Name Server) addresses to the clients. The first instance of this option specifies @@ -647,7 +688,7 @@ the primary DNS address; the second inst secondary DNS address. (This option was present in some older versions of pppd under the name \fBdns\-addr\fR.) .TP -.B ms\-wins \fI +.B ms\-wins \fI\*[Lt]addr\*[Gt] If pppd is acting as a server for Microsoft Windows or "Samba" clients, this option allows pppd to supply one or two WINS (Windows Internet Name Services) server addresses to the clients. The first @@ -724,12 +765,11 @@ only be required if the peer is buggy an from pppd for IPCP negotiation. .TP .B noipv6 -Disable IPv6CP negotiation and IPv6 communication. This option should -only be required if the peer is buggy and gets confused by requests -from pppd for IPv6CP negotiation. +An alias for +.B -ipv6. .TP .B noipdefault -Disables the default behaviour when no local IP address is specified, +Disables the default behavior when no local IP address is specified, which is to determine (if possible) the local IP address from the hostname. With this option, the peer will have to supply the local IP address during IPCP negotiation (unless it specified explicitly on the @@ -837,22 +877,25 @@ seconds (default 3). Set the maximum time that pppd will wait for the peer to authenticate itself with PAP to \fIn\fR seconds (0 means no limit). .TP -.B pass\-filter \fIfilter\-expression -Specifies a packet filter to applied to data packets being sent or -received to determine which packets should be allowed to pass. -Packets which are rejected by the filter are silently discarded. This -option can be used to prevent specific network daemons (such as -routed) using up link bandwidth, or to provide a very basic firewall +.B pass-filter-in \fIfilter-expression +.TP +.B pass-filter-out \fIfilter-expression +Specifies an incoming and outgoing packet filter to applied to data +packets being sent or received to determine which packets should be +allowed to pass. Packets which are rejected by the filter are silently +discarded. This option can be used to prevent specific network daemons +(such as routed) using up link bandwidth, or to provide a basic firewall capability. -The \fIfilter\-expression\fR syntax is as described for tcpdump(1), +The \fIfilter-expression\fR syntax is as described for tcpdump(8), except that qualifiers which are inappropriate for a PPP link, such as \fBether\fR and \fBarp\fR, are not permitted. Generally the filter expression should be enclosed in single-quotes to prevent whitespace in the expression from being interpreted by the shell. Note that it is possible to apply different constraints to incoming and outgoing packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This -option is currently only available under Linux, and requires that the -kernel was configured to include PPP filtering support (CONFIG_PPP_FILTER). +option is currently only available under Linux and NetBSD, and requires +that the kernel was configured to include PPP filtering support +(CONFIG_PPP_FILTER in Linux, PPP_FILTER in NetBSD). .TP .B password \fIpassword\-string Specifies the password to use for authenticating to the peer. Use @@ -897,7 +940,7 @@ pseudo-tty master/slave pair and use the device. The \fIscript\fR will be run in a child process with the pseudo-tty master as its standard input and output. An explicit device name may not be given if this option is used. (Note: if the -\fIrecord\fR option is used in conjuction with the \fIpty\fR option, +\fIrecord\fR option is used in conjunction with the \fIpty\fR option, the child process will have pipes on its standard input and output.) .TP .B receive\-all @@ -1085,7 +1128,7 @@ those which permit potentially insecure are only accepted in files which are under the control of the system administrator, or if pppd is being run by root. .PP -The default behaviour of pppd is to allow an unauthenticated peer to +The default behavior of pppd is to allow an unauthenticated peer to use a given IP address only if the system does not already have a route to that IP address. For example, a system with a permanent connection to the wider internet will normally have a @@ -1148,7 +1191,7 @@ independent authentication exchanges wil could use different authentication protocols, and in principle, different names could be used in the two exchanges. .LP -The default behaviour of pppd is to agree to authenticate if +The default behavior of pppd is to agree to authenticate if requested, and to not require authentication from the peer. However, pppd will not agree to authenticate itself with a particular protocol if it has no secrets which could be used to do so. @@ -1289,7 +1332,7 @@ been able to negotiate the same addresse the interface (for example when the peer is an ISP that uses dynamic IP address assignment), pppd has to change the interface IP addresses to the negotiated addresses. This may disrupt existing connections, -and the use of demand dialling with peers that do dynamic IP address +and the use of demand dialing with peers that do dynamic IP address assignment is not recommended. .SH MULTILINK Multilink PPP provides the capability to combine two or more PPP links @@ -1356,7 +1399,7 @@ connect '/usr/sbin/chat \-v \-f /etc/ppp noauth .LP In this example, we are using chat to dial the ISP's modem and go -through any logon sequence required. The /etc/ppp/chat\-isp file +through any log on sequence required. The /etc/ppp/chat\-isp file contains the script used by chat; it could for example contain something like this: .IP @@ -1374,7 +1417,7 @@ ABORT "Username/Password Incorrect" .br "" "at" .br -OK "at&d0&c1" +OK "at\*[Am]d0\*[Am]c1" .br OK "atdt2468135" .br @@ -1617,7 +1660,7 @@ invoked in the same manner and with the script. .TP .B /etc/ppp/ipv6\-up -Like /etc/ppp/ip\-up, except that it is executed when the link is available +Like /etc/ppp/ip\-up, except that it is executed when the link is available for sending and receiving IPv6 packets. It is executed with the parameters .IP \fIinterface\-name tty\-device speed local\-link\-local\-address @@ -1625,7 +1668,7 @@ remote\-link\-local\-address ipparam\fR .TP .B /etc/ppp/ipv6\-down Similar to /etc/ppp/ip\-down, but it is executed when IPv6 packets can no -longer be transmitted on the link. It is executed with the same parameters +longer be transmitted on the link. It is executed with the same parameters as the ipv6\-up script. .TP .B /etc/ppp/ipx\-up @@ -1635,7 +1678,7 @@ executed with the parameters .IP \fIinterface\-name tty\-device speed network\-number local\-IPX\-node\-address remote\-IPX\-node\-address local\-IPX\-routing\-protocol remote\-IPX\-routing\-protocol -local\-IPX\-router\-name remote\-IPX\-router\-name ipparam pppd\-pid\fR +local\-IPX\-router\-name remote\-IPX\-router\-name ipparam pppd\-pid\fR .IP The local\-IPX\-routing\-protocol and remote\-IPX\-routing\-protocol field may be one of the following: @@ -1786,7 +1829,6 @@ This signal causes pppd to renegotiate c useful to re-enable compression after it has been disabled as a result of a fatal decompression error. (Fatal decompression errors generally indicate a bug in one or other implementation.) - .SH AUTHORS Paul Mackerras (paulus@samba.org), based on earlier work by Drew Perkins,