Text File | 2002-10-03 | 62.7 KB | 1,255 lines
ppp(1M)                                                              ppp(1M)

NAME
     ppp, if_ppp, ppp_fram - Point-to-Point Protocol

SYNOPSIS
     ppp [-d] [-r remote] [-f cfile]

DESCRIPTION
     PPP is a standard protocol for transmitting network data over point-to-point links using synchronous modems, asynchronous modems, or ISDN links. It can be used to transfer data between applications which are using TCP/IP or UDP/IP.

     The ppp program is used to connect to a remote machine. It does everything necessary to permit network data to reach the modem or ISDN line, and to connect the TTY port to the rest of the network system. It does things that are done by ifconfig(1M) for other network interfaces. The result is a "point-to-point" link that can be part of an existing IP internetwork.

     The -d flag requests additional debugging information. Additional instances of -d produce more information. The debugging information is sent to the system log (usually /var/adm/SYSLOG) if its standard error file descriptor is not a tty. The signals SIGUSR1 and SIGUSR2 increase and decrease the amount of debugging information.

     Avoid increasing the debugging level to more than 1, because entire packets will be logged, including those containing PPP PAP and CHAP names and passwords, which can let anyone who can read the system log discover the passwords.

     Another reason to avoid increasing the debugging level to more than 1 is that it turns on messages from the IRIX kernel. While the kernel is displaying the message, it has all interrupts turned off, which can cause input to be lost, which often causes more messages from the kernel, and so on.

     The -f flag specifies an alternative control file instead of /etc/ppp.conf.

     The -r flag specifies the label of an entry in the control file.
     If -r is absent, the value of the environment variable $USER specifies the label of the control file entry.

     The operation of the ppp program is controlled by a control file. The control file must be owned by and readable only by UID=0, because it can contain PAP or CHAP authentication secrets. Comment lines in the control file start with a '#' character and are ignored, as are blank lines. A '#' character after a keyword and value also signals a comment to the end of the line. Each entry starts with a label that is often the name of a remote system. Non-blank, non-comment lines that start with blanks or tabs are continuations of the previous non-comment line. Each label is followed by zero or more keywords or keywords followed by an "=" character and a value. Blanks separate keywords. Upper and lower case letters have the same significance in keywords. Values for keywords can be quoted to contain blanks or '#' characters. Standard backslash escape sequences are supported, except that NUL is never permitted.

     There are a large number of parameters that can be modified. The default values of the parameters are appropriate for most situations. Unnecessary changes to these parameters are the most common cause of problems. A machine that only answers calls need not have a control file at all. Consider using a control file based on the sample below.

     PPP authentication is not strictly necessary when using asynchronous modems, because ordinary UNIX usernames and passwords are checked.
     Because the ISDN calling-number information is not always available, it is important to use authentication on incoming ISDN connections, often with reconfigure. It is also important to use authentication on switched synchronous wide area network connections.

     When the default value for -r is used (for example when ppp is the shell for an account), some parameters such as the in, out, and quiet modes are ignored. This allows a single control line to serve for both input and output.

     The machine that originates the PPP connection (or both machines for symmetric demand dialing) can usually start the ppp program with ppp -r remote.

     The machine that answers a modem call (both machines for symmetric demand dialing using modems) should have an account with a "shell" that is the ppp program. The resulting $USER environment variable is then used to select an entry in the control file.

     An incoming ISDN call causes the ISDN daemon (see isdnd(1M)) to start the ppp program with $USER set to _ISDN_INCOMING.

     An incoming synchronous wide area call causes the WSYNC daemon (see wsyncd(1M)) to start the ppp program with $USER set to _WSYNC_INCOMING.

     The following list of control file parameters is somewhat ordered into groups of related functions, with the groups most likely to be changed first.

     debug[=num]
          increases the debugging information sent to the system log. See also the -d flag described above, including the warning about high levels of debugging.

     continue=name
          effectively concatenates the named control file entry to the current line. This can be used with a line naming a fictitious system but containing common settings. To avoid security and other problems, name should not be a valid hostname. Including a character invalid in a hostname, as in +common, is a good idea.

     reconfigure
          indicates that this control file entry is a generic (probably incoming) entry, and that the remote machine must provide a name using one of the PPP authentication protocols. The name is used to select a new control file entry, and that entry is used to set almost all PPP parameters. This mechanism is useful for ISDN and WSYNC connections which do not use the familiar getty and login mechanisms.

          When the CHAP protocol is used, the remote system must receive a "challenge" so that it can respond with its name. send_name must be used in the reconfigure entry if the name used in the challenge is not the local hostname. The "secrets" used with CHAP authentication should be specified in the entry parsed after the reconfigure entry. The reconfiguration entry should only pick the authentication protocol(s) and (if necessary) specify the CHAP name to send.

          The only parameters that are not reset according to the new entry are those that cannot be changed, having already been used to configure the link. Other parameters are either set to the values specified in the new control file entry or to their defaults. Some parameters such as ACCM that have already been negotiated but that can be renegotiated with the other system can be changed between the reconfigure entry and the new entry. If possible, it is best to specify as little as possible, using the default parameters in the reconfigure entry.

          If an explicit recv_name is not specified, then any valid username on the local system can be sent by the PPP peer. A list of explicit names can be used to restrict the permitted names.

     recv_name=name
          requires the remote machine to authenticate itself using name and the corresponding IRIX (PAP) password or specified CHAP secret. A null name allows the remote machine to authenticate itself using PAP with any IRIX username valid on the local machine.

          Several recv_name specifications can be used to accept any of several names. This is useful in a reconfigure entry.

          The parameter is redundant and ignored in the control file entry parsed after the reconfigure entry, because a name has already been received from the peer and used to choose the new control file entry. However, that entry might be parsed for an out-going connection and so might need the parameter then.

          Whether the name is used in the PAP or the CHAP protocol depends on which of the two protocols is negotiated. Which of the protocols are acceptable and so might be negotiated depends on whether send_pap, send_chap, and so on are specified. In the absence of any specification and when passwords, names, or reconfigure are specified, PAP is the default. When both are specified, then CHAP is offered to the peer first.

          The PAP name and password received from the peer must be in the familiar IRIX password and username database. The UID, GUID, "shell" and other parameters associated with the username are ignored. The PAP name and password sent to the peer and the CHAP names and passwords need not be in the IRIX password database.

          If neither recv_name nor any other authentication parameter is specified and reconfigure is not used, then no PAP requests will be sent, the remote machine need not authenticate itself, and any authentication it offers will be accepted.
          Such a lack of authentication is often considered a bad idea.

     send_name=name
          specifies the name to be sent to the remote machine as part of PAP or CHAP authentication. The remote machine might or might not treat the name it receives as an IRIX username.

          If PAP and not CHAP is used, the name to be sent can be omitted from a control file entry with reconfigure, in which case the local system will delay authenticating itself with PAP to the other system until the peer has authenticated itself. That allows the PAP name to be in the second control file entry chosen according to the name supplied by the peer when it authenticated itself. If the name is specified in the reconfigure entry, it cannot be changed in the second control file entry, although the same name can be specified again.

          If the name is not specified, but CHAP is specified with send_chap or recv_chap, then the hostname is the default. This name is used in both CHAP challenges and responses to name this machine. This name must be the same in both the reconfigure and second control file entries, even when it is defaulted and not explicitly specified.

     send_passwd=string
          specifies the password to be sent to the remote machine as PAP authentication or the secret used to generate CHAP responses. The CHAP recv_passwd and send_passwd secrets should be distinct to avoid a security problem. The control file must be readable only for UID=0 to keep such passwords secret.

          The password to be sent to the peer can be omitted from the reconfigure entry, in which case the local system will delay authenticating itself until the peer has begun authenticating itself.
          That allows the password to be in the second control file entry chosen according to the name supplied by the peer when it authenticated itself. If the password is specified in the reconfigure entry, it cannot be changed in the second control file entry.

     recv_passwd=string
          specifies the "secret" used to generate responses to CHAP challenges from the other system. If CHAP is turned on with recv_chap, then a secret must be specified. The CHAP recv_passwd and send_passwd secrets should be distinct to avoid a security problem. The control file must be readable only for UID=0 to keep such passwords secret.

     send_pap
          says that this system can authenticate itself to the other system by sending PAP requests.

     -send_pap
          says that this system will not authenticate itself to the other system by sending PAP requests.

     send_chap
          says that this system can authenticate itself to the other system by sending CHAP responses in answer to CHAP challenges received from the other system. CHAP is preferred to PAP if both are available when send_pap is also specified.

     -send_chap
          prevents this system from authenticating itself by sending CHAP responses.

     recv_pap
          says this system would like to authenticate the remote system by receiving PAP requests from the remote system.

     -recv_pap
          says the other system cannot authenticate itself to this system with PAP.

     recv_chap
          says the other system can authenticate itself to this system with CHAP responses answering CHAP challenges sent by this system.
          CHAP is preferred if both PAP and CHAP are available when recv_pap is also specified.

     -recv_chap
          says the other system cannot authenticate itself to this system with CHAP.

     max_auth_secs=secs
          changes the deadline for the other machine to respond to an authorization request from the default of 30 seconds.

     auth_secs=secs
          changes the delay between retransmissions of authentication requests from the default of 5 seconds.

     chap_reauth_secs=secs
          causes CHAP challenges to be sent periodically. The interval must be at least 10 seconds and at most 2 hours or 7200 seconds.

     -utmp
          turns off the "utmp" entries (see utmp(4)) otherwise added for incoming ISDN or T1 and all outgoing connections.

     netmask=mask
          overrides the default netmask for the link. Because a PPP link is a point-to-point link, the netmask is not used directly. However, the new RIP routing daemon uses it to infer whether subnetting is used by the remote system. Thus, if the remote system is treating the link as "unnumbered" and using its primary host address for its end of the link, then the local PPP interface should have the netmask that the remote system is using for its primary network interface.

     metric=num
          overrides the default routing metric associated with the link.

     mtu=num
          overrides the default, 1500 byte "maximum transmission unit" or MTU associated with a PPP link. The normal PPP negotiating mechanism can be used by the computer on the other end of the link to reduce the size of packets transmitted by the local machine when the link is first made. The MTU cannot be reduced after the kernel has committed to it, as with demand dialing.

     add_route="rt-cmd"
          executes the command `/usr/etc/route rt-cmd`, presumably to add an IP route to the kernel routing tables. The environment variable $REMOTEADDR contains the IP address of the remote machine, the address at the other end of the PPP link. See route(1M).

          If the rt-cmd starts with "add" and if -del_route is not used, then the route will be deleted when the ppp program ends and the interface is removed.

          Note that this route is a "static route." Routing daemons such as gated and routed should usually be turned off when this keyword is used, except when the new version of routed initially available in a patch for IRIX 6.2 is used. See gated(1M), routed(1M), and chkconfig(1M).

     add_route
          has the same effect as add_route="add default #".

     -del_route
          turns off the default removal of the route added by add_route.

     del_route="rt-cmd"
          executes the command `/usr/etc/route rt-cmd` when the PPP link is shut down, presumably to delete a route added with add_route. This is useful in case the route added did not start with "add" and so the default removal of the route is disabled.

     proxy_arp=ifname
          specifies that an ARP table entry for the IP address of the remote system should be added using the MAC address of the specified interface.

     -proxy_arp
          turns off the default addition of an ARP table entry for the remote system.
          Otherwise, if the IP address of the remote system has a network number equal to one of the non-point-to-point interfaces of the local system, then a suitable proxy-ARP table entry will be added.

     uucp_name=uname
          specifies a name in the /etc/uucp/Systems file for dialing. Its default value is the remote machine name. UUCP hostnames can be at most 7 or sometimes 8 characters long. It is useful to use one name for dialing and another for TCP/IP when the more public, harder to change TCP/IP name is longer than 7 characters.

     localhost=ipname[,mask]
          specifies one of the set of IP addresses for the local end of the PPP link. Additional instances of the keyword add to the set of acceptable local addresses. During the IP part of negotiations during the PPP connection initiation, the local machine insists that the negotiated address be a member of the set.

          The ipname can be a hostname or a numeric IP address. If absent, the mask is assumed to be "255.255.255.255". The pair (ipname,mask) specifies all IP addresses such that ipname&~mask=0, or in other words, all addresses that match modulo the mask. (Note that this mask has nothing to do with a "netmask.")

          If there is more than one localhost keyword in a single line in the control file, the set used during negotiations is the union of the sets specified by all of the keywords.

          Use localhost=0,0 to let the remote machine pick any IP address for this machine.

          If the set consists of a single IP address (e.g. a single localhost keyword with a default mask or a mask of 255.255.255.255), the local machine will not only reject requests to use any other address, but will also propose the address with IPCP configuration request packets.

          If there are no localhost keywords, the set of local addresses defaults to the address of the local machine. The default is usually appropriate, whether connecting two ethernets or extending an ethernet to a distant, isolated workstation. When connecting isolated workstations, it is best to use a single network number and allocate host numbers on that network for remote workstations.

     remotehost=ipname[,mask]
          specifies one of the set of IP addresses of the remote end of the PPP link. It behaves just like the localhost keyword, except that the remote end of the link is being named and the default is the label of the control file entry or the UUCP name, if either is a valid hostname. If neither is a valid hostname, it defaults to remotehost=0,0 to let the remote machine negotiate any IP address it wants.

          In quiet mode, the IP addresses of the PPP link are configured before the other machine is contacted, since the rest of the system must know the addresses in order to send traffic over the link to cause the link to be dialed. That means that in quiet mode, the IP addresses cannot be defaulted or negotiated.

     rem_sysname=name
          specifies a name for the remote system. This name may differ from the remote hostname of the system. By default, this name is the same as the label of the control file entry, specified with -r or the environment variable $USER. This control is necessary only when MP Endpoint Discriminators are turned off or not supported by the peer.

     -addr_negotiate
          disables IPCP address negotiation.
          This is useful only when the peer does not implement the ADDR Configure-Request option, the default values for remotehost and localhost are correct, and it is worthwhile to save the cost of an extra round of Configure-Reject and Configure-Request. Use of this facility should be avoided, because it disables the detection of one of the most common configuration errors.

     active_timeout=secs
          sets the number of seconds of idleness while at least one TCP connection seems to be open before the PPP link is broken. The lower layers snoop on packets to infer the number of open TCP connections that go over the link. This snooping cannot be made entirely reliable, because the end of the connection may be a distant machine that forwards only some of its packets through this machine, and because only TCP/IP packets transmitted by this machine are observed.

          The active timeout must be no smaller than the inactive_timeout. See the quiet mode.

          In quiet mode, the active_timeout defaults to the inactive_timeout, and if neither is specified, the active_timeout defaults to 300 and the inactive_timeout to 30 seconds. Such values limit many telephone calls for quick, automatic transactions like email to less than a minute, without making interactive sessions painful. As long as you type at least once every 5 minutes in an interactive session, the link will remain active.

     inactive_timeout=secs
          sets the number of seconds of idleness while no TCP connections seem to be open before the PPP link is broken. This timeout must be no larger than the active_timeout. See the quiet mode.
          In quiet mode, the inactive_timeout defaults to the active_timeout, and if neither is specified, the active timeout defaults to 300 and the inactive timeout to 30 seconds.

          When non-TCP applications are being used, or when applications such as Mosaic, involving many short-lived TCP connections, are used, it can be useful to open a TCP connection (e.g. telnet or login) to a remote system to invoke the longer active_timeout.

          Specifying a timeout with active_timeout or inactive_timeout turns on "demand dialing". See quiet.

     toll_boundary=billing_secs
          overrides active_timeout and inactive_timeout until the link has been active for approximately a multiple of billing_secs seconds. For example, if the telephone company bills for complete minutes, an idle link may as well remain connected until near the end of the current minute.

     busy_delay=secs
          sets the delay before complete saturation of the current links causes the addition of an additional line, provided there are fewer lines currently active than specified with outdevs. The default delay is 10 seconds, and it is always rounded up to a multiple of 5 seconds.

     idle_delay=secs
          sets the period of at least partial idleness with no moments of complete saturation of the links before one of the active lines in excess of the number specified with mindevs is turned off. Only links started by the local machine are turned off when they are idle.
          If all links are completely idle, the active_timeout and inactive_timeout will turn off all lines, including incoming lines. The default delay is 30 seconds, and it is always rounded up to a multiple of 5 seconds.

     bps=num
          overrides the automatic measurements of the speed of the device.

     maxdevs=num
          changes the maximum number of multilink serial lines. Connections in excess of this number are refused.

     outdevs=num
          sets the maximum number of multilink serial lines that will be used when originating a call. If the maxdevs value is greater than the outdevs value, additional incoming connections in excess of the outdevs limit are permitted.

     mindevs=num
          changes the minimum number of multilink serial lines (e.g. modems) from the default of 1. An additional connection is attempted whenever there are fewer, provided this system originated the call.

     unsafe_mp
          allows the system answering the phone to add a link to the multilink bundle. This is usually undesirable, unless the other system is too dumb to add links to the bundle when the bundle is saturated.

     -mp
          disables the PPP multilink protocol, MP. The BF&I multilink protocol will be used instead.

     mp_send_ssn
          tries to send short MP sequence numbers;

     mp_recv_ssn
          accepts short MP sequence numbers;

     mp_headers
          requires MP headers even when the bundle consists of a single link.

     -endpoint_discriminator
          turns off endpoint-descriptors when talking to a broken system. Endpoint-descriptors are extremely useful.

     -mp_frag
          avoids MP fragmentation as much as possible.

     map_char_num=num
          adds a character to the list of those that must be escaped when transmitted over the PPP link. Not just control characters, but any character other than the PPP 0x5e can be marked to be escaped. However, only control characters can be negotiated to be escaped when received. See map_char.

     accm=num
          sets the list (Async-Control-Character-Map or ACCM) of characters that must be escaped when transmitted over the PPP link. See map_char.

     map_char=chars
          adds the control characters corresponding to the letters in the string chars to the list of those that must be escaped when transmitted over the PPP link. By default, the list is empty, but other commonly used lists are all (accm=0xffffffff) and NUL, XOFF, and XON (map_char=@QS).

     accm_parity
          causes control characters to be escaped regardless of their "parity" bit.

     -rx_accm
          Control characters that are received from the peer and in the ACCM negotiated with the peer must be discarded according to the PPP standard. This is because there are two reasons for escaping control characters. They might be gratuitously removed by modems or other equipment in the line, or they might be gratuitously added. This switch overrides the default behavior of discarding bytes that should have been escaped but were not.

          The transmit ACCM is separate from the receive ACCM. There is nothing the receiver can do except suggest during the negotiations when the link is made that the transmitter escape more bytes and discard bytes that were not escaped but should have been.

     in
          specifies "input mode" for the ppp program.
          In this mode, the local machine is expected to accept connections (e.g. telephone calls) for the remote machine. See quiet.

     out
          specifies "output mode" for the ppp program. In this mode, the local machine is expected to initiate the connection to the remote machine (e.g. place the telephone call).

          Specifying a timeout with active_timeout or inactive_timeout turns on "demand dialing" that differs from "quiet mode" only in immediately making the connection without waiting for traffic. See quiet.

     quiet
          specifies "quiet mode" for the ppp program. When there is traffic, it creates the connection. When the link seems to be idle, it breaks the connection, and later restores it when there is more traffic. This is sometimes called "demand dialing."

          A quiet connection must know both IP addresses before the connection is established, because the connection is not made until traffic is waiting, traffic cannot exist until the remote and local IP addresses are known, and so the normal IP address negotiation mechanism is not available, and so remotehost and localhost must be explicitly specified.

          While a quiet mode connection can be started at the receiving end of a connection, it may not have the desired effect. The daemon does not expect to use the serial connection to its standard input in quiet mode. If started in quiet mode as the result of the remote system dialing in, the daemon will ignore the incoming serial connection. It expects to wait quietly until it sees locally generated traffic and the need to dial its own new link. One might conceivably start a quiet mode daemon remotely for a simple kind of traffic driven or "demand dial-back."

     camp
          turns on "camping," a mode in which the ppp program continually tries to reestablish the link whenever it is broken. Camping can only be used in out mode. When practical, "demand dialing" with quiet mode is more convenient.

     modwait=secs
          sets the number of seconds the modem is allowed to cool before attempting a call. The default is 5 seconds. Too short a delay between attempts to use the modem can cause various messages, including the ever popular "DEVICE LOCKED".

     modtries=num
          sets the number of consecutive tries to dial the remote machine before temporarily giving up, putting the message "giving up for now" into the system log, and flushing the output queue. When demand dialing is used, a new series of attempts will be made soon after a new packet is put into the output queue (see modwait).

     modpause=num
          changes the delay after a failed series of attempts to dial the remote machine from the default of 0 to num seconds.

     restart_ms=milliseconds
          changes the initial delay before retransmitting PPP control packets from the default of 1 second.

     restart_ms_lim=milliseconds
          changes the limit on the binary exponential increase of restart_ms from the default of 8 seconds.

     ccp_restart_ms=milliseconds
          changes the delay before retransmitting CCP (PPP compression control protocol) packets from the default of 6 seconds. This timer has no backoff and starts out longer, because CCP is often done while the link is otherwise very busy. A 3 second timeout is too short on a busy 9600 bit/sec link with a 1500-byte MTU.
     max_FSM_fail=num
          changes the limit on the number of times the PPP finite state machine will attempt to negotiate (i.e. send Configure-Requests and receive Configure-Naks or Configure-Rejects). The default is 10.

     max_FSM_conf=num
          changes the number of times the PPP FSM will send a Configuration-Request without receiving a response before giving up (i.e. send Configure-Requests and receive no response). The default is 10.

     max_FSM_term=num
          changes the number of times a Terminate-Request will be sent by the local FSM before turning off the link unilaterally. Use max_FSM_term or max_term_ms but not both.

     max_term_ms=milliseconds
          changes the duration Terminate-Requests will be sent by the local FSM before turning off the link unilaterally. Use max_FSM_term or max_term_ms but not both. The default is 7 seconds.

     -LCP_IDENT
          turns off LCP Identification packets. See RFC 1570.

     -LCP_ECHOS
          turns off LCP Echo Requests. By default, an LCP Echo Request packet is sent periodically to ensure that the peer is still working.

     LCP_ECHO_INTERVAL=num
          changes the repetition rate of LCP Echo Requests from its default value of 10 seconds. The new value must be between 1 and 120 seconds.

     noicmp
          causes the system to discard all ICMP packets instead of transmitting them over the link. This is intended for extremely low speed links.

     qmax=num
          sets the maximum depth of the interface queue. The size of the queue can be monitored with the netstat command.
     -telnettos
          turns off the "telnet type of service hack," which tries to give interactive traffic better service by moving ICMP packets and TCP packets to or from ports 23, 513, or 518 to the front of the transmit queue. Note that the IP TOS "low delay" bits are always honored by the PPP driver.

     inact_port=port
          adds the TCP or UDP port number port to the list of ports that are not considered evidence of activity. Traffic transmitted by this machine to ports not in the list causes the system to restore the PPP link (while in quiet mode). The port can be specified by number, service name in /etc/services, or NIS service name. By default, the list contains only ports 13 (daytime), 37 (time), 123 (ntp), 520 (route), and 525 (timed).

     -inact_port
          clears the list of uninteresting port numbers, making all ports evidence of traffic.

     inact_icmp=type
          adds an ICMP packet type to the list of types that are not considered evidence of activity. Other kinds of ICMP packets cause the system to restore the PPP link (while in quiet mode). The packet type must be a number from /usr/include/netinet/ip_icmp.h. By default, the list contains only 5 (ICMP_UNREACH), 4 (ICMP_SOURCEQUENCH), 9 (ICMP_ROUTERADVERT), 10 (ICMP_ROUTERSOLICIT), 13 (ICMP_TSTAMP), and 14 (ICMP_TSTAMPREPLY).

     -inact_icmp
          clears the list of uninteresting ICMP packet types.

     sync
     -sync
          indicate whether the line is "synchronous" or "asynchronous." The default is asynchronous, except when its major device number is known to be that of an ISDN line or when the top-most STREAMS module is not recognized as the familiar module "TTY line discipline."
     xon_xoff
          turns on "XON/XOFF" or "software flow control" when a modem is used. This should be avoided if at all possible.

     -pcomp
          disables PPP LCP protocol field compression. It is on by default.

     -acomp
          disables PPP LCP address and control field compression. It is on by default on asynchronous links.

     -vj_comp
          disables Van Jacobson TCP/IP header compression. It is on by default.

     vj_compslot
          enables compression of the Van Jacobson TCP/IP header compression slot ID. It is off by default, and should be off whenever the kernel PPP code is not reliably notified of lost bytes. There is no such notification over IRIX asynchronous serial lines. Van Jacobson header compression is described in RFC 1144.

     -vj_compslot
          disables compression of the Van Jacobson TCP/IP header compression ID.

     vj_slots=slots
          changes the number of Van Jacobson TCP header compression slots from its default of 16.

     -ccp
          disables the Compression Control Protocol and all link layer compression.

     -tx_predictor1
          disables "Predictor Type 1" link layer compression on packets transmitted by this system.

     tx_bsd=bits
          limits to no more than bits the code size of "BSD compress" link layer compression on packets transmitted by this system.

     -tx_bsd
          disables "BSD compress" link layer compression on packets transmitted by this system.

     -rx_predictor1
          disables "Predictor Type 1" link layer compression on packets received by this system.

     rx_bsd=bits
          limits to no more than bits the code size of "BSD compress" link layer compression on packets received by this system.
     -rx_bsd
          disables "BSD compress" link layer compression on packets received by this system.

          "BSD compress" code sizes of 9 to 15 bits are allowed. "BSD compress" compression is more effective but requires more CPU cycles than "Predictor Type 1." "BSD compress" code sizes larger than 12 require more system memory than "Predictor Type 1." Packets are not compressed unless both the transmitting and receiving systems agree. BSD compress is preferred when both BSD compress and Predictor are enabled and permitted by the other system.

          Both 12-bit "BSD Compress" and "Predictor Type 1" compression are enabled by default. When both are enabled, "BSD Compress" is preferred. The compression a system uses on the packets it transmits is chosen and negotiated independently of the compression it expects to see on the packets it receives.

     stream_module=sname
          adds the stream module with name sname to the list of modules that will be pushed onto the STREAMS device beneath the two PPP modules. The modules are pushed in the order they are named.

     The ppp program must be killed to finally terminate a link that is "camping" or in "quiet" mode (see kill(1) or killall(1M)). The TERM or INT signals, as in `killall -v -TERM ppp`, are best because they allow the ppp program to notify the other machine that the link is being turned off.

   Installation Notes
     The program uses the dialing information on each appropriate line of the /etc/uucp/Systems file until it succeeds. This can be useful if there is more than one telephone number that might be used to contact the remote machine.
     A /etc/uucp/Systems line like the following works well to call an IRIS running this ppp software:

          rmt Any ACUSLIP 19200 5551234 "" @\r\c ogin: mynam ssword: xxx PPP

     The last check, for "PPP," matches the string output by the ppp program on the remote IRIS just before it starts the IP protocol, and so ignores banners or messages of the day. It ensures the remote machine is not waiting for an additional password. The check for "PPP" may not be appropriate with other brands of computer.

     The following shell script can be used to start the connection with the Systems file entry above:

          #!/bin/sh
          exec </dev/null >/dev/null 2>&1
          /usr/etc/ppp -r rmt $* &

     The following sample PPP configuration file assumes a "quiet" mode

          # common parameters
          me      add_route                       #install default route

          # special parameters for rmt,
          rmt     remotehost=rmt.foo.bar.com
                  quiet                           #requires both host names be known
          #       uucp_name=rmt                   #not needed, since same as default
                  continue=me

          # another host that can use parallel links, and correctly negotiates
          #   its IP address, and uses ISDN and so needs PAP authentication.
          other   remotehost=0
                  outdevs=2
                  send_name=mynam
                  send_passwd=guess@it
                  continue=me

          # common entry for incoming ISDN connections
          _ISDN_INCOMING
                  continue=_INCOMING

          # common entry for incoming WSYNC connections
          _WSYNC_INCOMING
                  continue=_INCOMING

          _INCOMING reconfigure

     A machine which has no network connection other than a PPP link should use a terminator on its ethernet port, and so act as if it has a valid although very small local area network.

     Because the ppp program can use the UUCP control files, the best way to install a PPP connection is to first install a UUCP connection. So, one first creates appropriate entries in the /etc/uucp/Dialers, /etc/uucp/Devices, and /etc/uucp/Systems files, and then "debugs" the connection with cu -d remotesystem.
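     An added example, not part of the original manual page or of the ppp software: a parser for control files laid out like the sample above that follows continue= chains and reports which entries end up carrying a cleartext send_passwd. It assumes the layout the sample suggests (a label in column 1, indented continuation lines, # comments); SAMPLE_CONF is a constructed copy of part of that sample.

```python
import re

# Constructed copy of part of the page's sample control file. Assumed layout:
# label in column 1, indented continuation lines, '#' starts a comment.
SAMPLE_CONF = """\
me      add_route               #install default route
# special parameters for rmt,
rmt     remotehost=rmt.foo.bar.com
        quiet
        continue=me
other   remotehost=0
        outdevs=2
        send_name=mynam
        send_passwd=guess@it
        continue=me
"""

SECRET_KEYS = {"send_passwd"}   # keyword the page uses for the PAP password

def parse_conf(text):
    """Return {label: [(keyword, value or None), ...]} in file order."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw)       # strip comments
        tokens = line.split()
        if not tokens:
            continue
        if not raw[0].isspace():                    # column 1 starts an entry
            current = entries.setdefault(tokens.pop(0), [])
        if current is None:
            raise ValueError("parameter before any label: %r" % raw)
        for tok in tokens:
            key, sep, val = tok.partition("=")
            current.append((key, val if sep else None))
    return entries

def effective(entries, label, seen=()):
    """Flatten one entry, splicing in continue= targets; reject loops."""
    if label in seen:
        raise ValueError("continue= loop through " + label)
    if label not in entries:
        raise KeyError("undefined entry " + label)
    out = []
    for key, val in entries[label]:
        if key == "continue":
            out += effective(entries, val, seen + (label,))
        else:
            out.append((key, val))
    return out

def entries_with_secrets(entries):
    """Labels whose effective parameters include a cleartext secret."""
    return sorted(lab for lab in entries
                  if any(k in SECRET_KEYS for k, _ in effective(entries, lab)))
```

     Entries it reports hold a PAP password in clear text, so the permissions on the control file matter as much as those on the system log.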
     A server which other machines call to use PPP should establish separate "user names" in /etc/passwd (see passwd(4)), all using the ppp program as their "login shell." Each username should be the same as a remote machine name starting a line in the control file, thereby choosing appropriate parameters for the link. Since the ppp command configures network interfaces, it must be executed with UID 0, and so the password entry on the remote system should use UID 0.

     Routing daemons can be used to exchange RIP packets (see routed(1M) or gated(1M)) over the link, as well as advertise the link to the rest of the IP network. The -h option to routed can usefully reduce the resulting clutter of "host-routes." The -F option to routed on the machine gatewaying a point-to-point link to an ethernet sends a synthetic "default route" over the PPP link instead of the full routing tables, making the cost of running RIP over the link negligible.

     Each time the link is (re)established, the program sends a SIGHUP signal to the gated and routed daemons, if they are running. This causes the routing daemons to more quickly notice the (probably) new network interface and to start advertising adjusted routes. It also causes a "killed" message in the debugging output.

     Static routing can be used instead of a routing daemon with the add_route control file keyword or with route(1M) commands in a /etc/init.d/network.local file associated with the /etc/init.d/network file.

     Note that a ppp program using demand-dialing ("quiet" mode in the control file) can call another ppp program which is in input, output, or demand-dialing mode. In case the other system is calling this system, demand-dialing uses random binary exponential backoffs after failed attempts.
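     An added example, not from the original manual page: because every dial-in account described above runs with UID 0, this check reads passwd lines and flags accounts that break the stated setup (ppp as login shell, UID 0, username equal to a control-file label), plus empty password fields and UID 0 accounts with some other shell. SAMPLE_PASSWD, the expected_uid0 list and the label set passed in are constructed assumptions; /usr/etc/ppp is the path used in the page's start-up script.

```python
PPP_SHELL = "/usr/etc/ppp"      # path used by the page's start-up script

# Constructed /etc/passwd lines: name:passwd:uid:gid:gecos:home:shell
# ("x" stands for a password that is set; an empty field means none).
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/bin/csh
rmt:x:0:0:PPP peer rmt:/:/usr/etc/ppp
other::0:0:PPP peer other:/:/usr/etc/ppp
third:x:0:0:PPP peer third:/:/usr/etc/ppp
fourth:x:104:20:PPP peer fourth:/:/usr/etc/ppp
backup:x:0:0:spare admin:/:/bin/sh
guest:x:998:998:Guest:/usr/people/guest:/bin/csh
"""


def audit_ppp_accounts(passwd_text, conf_labels, expected_uid0=("root",)):
    """Return (account, finding) pairs for the dial-in account setup."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed passwd line"))
            continue
        name, passwd, uid, _gid, _gecos, _home, shell = fields
        uid0 = uid.isdigit() and int(uid) == 0
        if shell == PPP_SHELL:
            if not uid0:                    # ppp cannot configure interfaces
                findings.append((name, "ppp login shell without UID 0"))
            if passwd == "":                # root-equivalent login, no password
                findings.append((name, "empty password field"))
            if name not in conf_labels:     # no link parameters selected
                findings.append((name, "no control-file entry with this label"))
        elif uid0 and name not in expected_uid0:
            findings.append((name, "UID 0 account whose shell is not ppp"))
    return findings
```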
     The network information service (NIS, see ypbind(1M)) is not often useful over a PPP link. It is usually necessary to use local copies of mail aliases. However, the Internet domain name server can be useful, by creating a /usr/etc/resolv.conf file (see resolver(4)) similar to the following but with the addresses and domain name changed appropriately:

          domain your.dom.ain
          hostresorder local bind
          nameserver 192.26.61.24
          nameserver 192.26.61.21
          nameserver 192.26.51.194

     It is possible to use NFS over a PPP link, but it is necessary to adjust the mount options for the relatively long latencies and low bandwidth (see automount(1M) and fstab(4)). Timeouts should be set long enough to allow a complete transaction to cross the link before it is considered late and has to be retransmitted. A plausible value for timeo with default 8KByte block sizes over a 19.2Kbit/s link is 90, for 9 seconds. It can be useful to increase the attribute timeouts substantially, to minutes.

     To synchronize clocks over a PPP link timed can be used, but timeslave is often more accurate.

     Once each day at about midnight, if the ppp program has been running for at least several hours, it logs some statistics concerning its work for the previous 24 hours.

DIAGNOSTICS
     Error messages complaining that "I_PUSH" failed mean that the kernel does not contain the required PPP STREAMS modules, if_ppp and ppp_fram.
FILES
     /etc/ppp.conf                   default control file
     /etc/init.d/network             network start-up script
     /etc/passwd
     /var/adm/SYSLOG                 system log for debugging messages
     /etc/uucp/Systems               "modem chat scripts"
     /etc/uucp/Dialers               "chat scripts" to control modems
     /etc/uucp/Devices               tty port/modem configurations
     /etc/hosts                      hostname database
     /var/sysgen/master.d/if_ppp     kernel STREAMS module
     /var/sysgen/master.d/ppp_fram
     /var/sysgen/boot/if_ppp.o
     /var/sysgen/boot/ppp_fram.o
     /tmp/.ppp-rendezvous            rendezvous for demand dialing and pppstat
     /dev/tty[dmf]x                  tty port attached to modem.

SEE ALSO
     chkconfig(1M), cu(1), getty(1M), ifconfig(1M), icmp(7P), isdn(7M), gated(1M), master(4), passwd(4), pppstat(1m), resolver(4), routed(1M), slip(1m), syslog(1M), wsyncd(1M), uucico(1M)

BUGS
     Only IP datagrams (and so TCP, UDP, NFS, and so on) are currently supported.