ppp(1M)                                                                ppp(1M)

NAME
     ppp, if_ppp, ppp_fram - Point-to-Point Protocol

SYNOPSIS
     ppp [-d] [-r remote] [-f cfile]

DESCRIPTION
     PPP is a standard protocol for transmitting network data over point-to-point links using synchronous modems, asynchronous modems, or ISDN links. It can be used to transfer data between applications which are using TCP/IP or UDP/IP.

     The ppp program is used to connect to a remote machine. It does everything necessary to permit network data to reach the modem or ISDN line, and to connect the TTY port to the rest of the network system. It does things that are done by ifconfig(1M) for other network interfaces. The result is a "point-to-point" link that can be part of an existing IP internetwork.

     The -d flag requests additional debugging information. Additional instances of -d produce more information. The debugging information is sent to the system log (usually /var/adm/SYSLOG) if its standard error file descriptor is not a tty. The signals SIGUSR1 and SIGUSR2 increase and decrease the amount of debugging information.

     Avoid increasing the debugging level to more than 1, because entire packets will be logged, including those containing PPP PAP and CHAP names and passwords, which can let anyone who can read the system log discover the passwords. Another reason to avoid increasing the debugging level to more than 1 is that it turns on messages from the IRIX kernel. While the kernel is displaying the message, it has all interrupts turned off, which can cause input to be lost, which often causes more messages from the kernel, and so on.

     The -f flag specifies an alternative control file instead of /etc/ppp.conf.

     The -r flag specifies the label of an entry in the control file. If -r is absent, the value of the environment variable $USER specifies the label of the control file entry.

     The operation of the ppp program is controlled by a control file.
     The control file must be owned by and readable only by UID=0, because it can contain PAP or CHAP authentication secrets. Comment lines in the control file start with a '#' character and are ignored, as are blank lines. A '#' character after a keyword and value also signals a comment to the end of the line. Each entry starts with a label that is often the name of a remote system. Non-blank, non-comment lines that start with blanks or tabs are continuations of the previous non-comment line. Each label is followed by zero or more keywords or keywords followed by an "=" character and a value. Blanks separate keywords. Upper and lower case letters have the same significance in keywords. Values for keywords can be quoted to contain blanks or '#' characters. Standard backslash escape sequences are supported, except that NUL is never permitted.

     There are a large number of parameters that can be modified. The default values of the parameters are appropriate for most situations. Unnecessary changes to these parameters are the most common cause of problems. A machine that only answers calls need not have a control file at all. Consider using a control file based on the sample below.

     PPP authentication is not strictly necessary when using asynchronous modems, because ordinary UNIX usernames and passwords are checked. Because the ISDN calling-number information is not always available, it is important to use authentication on incoming ISDN connections, often with reconfigure. It is also important to use authentication on switched synchronous wide area network connections.

     When the default value for -r is used (for example when ppp is the shell for an account), some parameters such as the in, out, and quiet modes are ignored. This allows a single control line to serve for both input and output.

     The machine that originates the PPP connection (or both machines for symmetric demand dialing) can usually start the ppp program with ppp -r remote.
     The machine that answers a modem call (both machines for symmetric demand dialing using modems) should have an account with a "shell" that is the ppp program. The resulting $USER environment variable is then used to select an entry in the control file.

     An incoming ISDN call causes the ISDN daemon (see isdnd(1M)) to start the ppp program with $USER set to _ISDN_INCOMING. An incoming synchronous wide area call causes the WSYNC daemon (see wsyncd(1M)) to start the ppp program with $USER set to _WSYNC_INCOMING.

     The following list of control file parameters is somewhat ordered into groups of related functions, with the groups most likely to be changed first.

     debug[=num]
          increases the debugging information sent to the system log. See also the -d flag described above, including the warning about high levels of debugging.

     continue=name
          effectively concatenates the named control file entry to the current line. This can be used with a line naming a fictitious system but containing common settings. To avoid security and other problems, name should not be a valid hostname. Including a character invalid in a hostname, as in +common, is a good idea.

     reconfigure
          indicates that this control file entry is a generic (probably incoming) entry, and that the remote machine must provide a name using one of the PPP authentication protocols. The name is used to select a new control file entry, and that entry is used to set almost all PPP parameters. This mechanism is useful for ISDN and WSYNC connections which do not use the familiar getty and login mechanisms.

          When the CHAP protocol is used, the remote system must receive a "challenge" so that it can respond with its name. send_name must be used in the reconfigure entry if the name used in the challenge is not the local hostname. The "secrets" used with CHAP authentication should be specified in the entry parsed after the reconfigure entry.
          The reconfiguration entry should only pick the authentication protocol(s) and (if necessary) specify the CHAP name to send.

          The only parameters that are not reset according to the new entry are those that cannot be changed, having already been used to configure the link. Other parameters are either set to the values specified in the new control file entry or to their defaults. Some parameters such as ACCM that have already been negotiated but that can be renegotiated with the other system can be changed between the reconfigure entry and the new entry. If possible, it is best to specify as little as possible, using the default parameters in the reconfigure entry.

          If an explicit recv_name is not specified, then any valid username on the local system can be sent by the PPP peer. A list of explicit names can be used to restrict the permitted names.

     recv_name=name
          requires the remote machine to authenticate itself using name and the corresponding IRIX (PAP) password or specified CHAP secret. A null name allows the remote machine to authenticate itself using PAP with any IRIX username valid on the local machine.

          Several recv_name specifications can be used to accept any of several names. This is useful in a reconfigure entry. The parameter is redundant and ignored in the control file entry parsed after the reconfigure entry, because a name has already been received from the peer and used to choose the new control file entry. However, that entry might be parsed for an out-going connection and so might need the parameter then.

          Whether the name is used in the PAP or the CHAP protocols depends on which of the two protocols are negotiated. Which of the protocols are acceptable and so might be negotiated depends on whether send_pap, send_chap, and so on are specified. In the absence of any specification and when passwords, names, or reconfigure are specified, PAP is the default. When both are specified, then CHAP is offered to the peer first.
          The PAP name and password received from the peer must be in the familiar IRIX password and username database. The UID, GUID, "shell" and other parameters associated with the username are ignored. The PAP name and password sent to the peer and the CHAP names and passwords need not be in the IRIX password database.

          If neither recv_name nor any other authentication parameter is specified and reconfigure is not used, then no PAP requests will be sent, the remote machine need not authenticate itself, and any authentication it offers will be accepted. Such a lack of authentication is often considered a bad idea.

     send_name=name
          specifies the name to be sent to the remote machine as part of PAP or CHAP authentication. The remote machine might or might not treat the name it receives as an IRIX username.

          If PAP and not CHAP is used, the name to be sent can be omitted from a control file entry with reconfigure, in which case the local system will delay authenticating itself with PAP to the other system until the peer has authenticated itself. That allows the PAP name to be in the second control file entry chosen according to the name supplied by the peer when it authenticated itself. If the name is specified in the reconfigure entry, it cannot be changed in the second control file entry, although the same name can be specified again.

          If the name is not specified, but CHAP is specified with send_chap or recv_chap, then the hostname is the default. This name is used in both CHAP challenges and responses to name this machine. This name must be the same in both the reconfigure and second control file entries, even when it is defaulted and not explicitly specified.

     send_passwd=string
          specifies the password to be sent to the remote machine as PAP authentication or the secret used to generate CHAP responses. The CHAP recv_passwd and send_passwd secrets should be distinct to avoid a security problem. The control file must be readable only for UID=0 to keep such passwords secret.
          The password to be sent to the peer can be omitted from the reconfigure entry, in which case the local system will delay authenticating itself until the peer has begun authenticating itself. That allows the password to be in the second control file entry chosen according to the name supplied by the peer when it authenticated itself. If the password is specified in the reconfigure entry, it cannot be changed in the second control file entry.

     recv_passwd=string
          specifies the "secret" used to generate responses to CHAP challenges from the other system. If CHAP is turned on with recv_chap, then a secret must be specified. The CHAP recv_passwd and send_passwd secrets should be distinct to avoid a security problem. The control file must be readable only for UID=0 to keep such passwords secret.

     send_pap
          says that this system can authenticate itself to the other system by sending PAP requests.

     -send_pap
          says that this system will not authenticate itself to the other system by sending PAP requests.

     send_chap
          says that this system can authenticate itself to the other system by sending CHAP responses in answer to CHAP challenges received from the other system. CHAP is preferred to PAP if both are available when send_pap is also specified.

     -send_chap
          prevents this system from authenticating itself by sending CHAP responses.

     recv_pap
          says this system would like to authenticate the remote system by receiving PAP requests from the remote system.

     -recv_pap
          says the other system cannot authenticate itself to this system with PAP.

     recv_chap
          says the other system can authenticate itself to this system with CHAP responses answering CHAP challenges sent by this system. CHAP is preferred if both PAP and CHAP are available when recv_pap is also specified.

     -recv_chap
          says the other system cannot authenticate itself to this system with CHAP.

     max_auth_secs=secs
          changes the deadline for the other machine to respond to an authorization request from the default of 30 seconds.
     auth_secs=secs
          changes the delay between retransmissions of authentication requests from the default of 5 seconds.

     chap_reauth_secs=secs
          causes CHAP challenges to be sent periodically. The interval must be at least 10 seconds and at most 2 hours or 7200 seconds.

     -utmp
          turns off the "utmp" entries (see utmp(4)) otherwise added for incoming ISDN or T1 and all outgoing connections.

     netmask=mask
          overrides the default netmask for the link. Because a PPP link is a point-to-point link, the netmask is not used directly. However, the new RIP routing daemon uses it to infer whether subnetting is used by the remote system. Thus, if the remote system is treating the link as "unnumbered" and using its primary host address for its end of the link, then the local PPP interface should have the netmask that the remote system is using for its primary network interface.

     metric=num
          overrides the default routing metric associated with the link.

     mtu=num
          overrides the default, 1500 byte "maximum transmission unit" or MTU associated with a PPP link. The normal PPP negotiating mechanism can be used by the computer on the other end of the link to reduce the size of packets transmitted by the local machine when the link is first made. The MTU cannot be reduced after the kernel has committed to it, as with demand dialing.

     add_route="rt-cmd"
          executes the command `/usr/etc/route rt-cmd`, presumably to add an IP route to the kernel routing tables. The environment variable $REMOTEADDR contains the IP address of the remote machine, the address at the other end of the PPP link. See route(1M). If the rt-cmd starts with "add" and if the -del_route is not used, then the route will be deleted when the ppp program ends and the interface is removed.

          Note that this route is a "static route." Routing daemons such as gated and routed should usually be turned off when this keyword is used, except when the new version of routed initially available in a patch for IRIX 6.2 is used.
          See gated(1M), routed(1M), and chkconfig(1M).

     add_route
          has the same effect as add_route="add default #".

     -del_route
          turns off the default removal of the route added by add_route.

     del_route="rt-cmd"
          executes the command `/usr/etc/route rt-cmd` when the PPP link is shut down, presumably to delete a route added with add_route. This is useful in case the route added did not start with "add" and so the default removal of the route is disabled.

     add_route6="rt-cmd"
          executes the command `/usr/etc/route rt-cmd`, presumably to add an IPv6 route to the kernel routing tables. If the rt-cmd starts with "add" and if the -del_route6 is not used, then the route will be deleted when the ppp program exits.

     add_route6
          adds a default IPv6 route using the remote system as the gateway.

     -del_route6
          turns off the default removal of the route added by add_route6.

     del_route6="rt-cmd"
          executes the command `/usr/etc/route rt-cmd` when the PPP link is shut down, presumably to delete an IPv6 route added with add_route6. This is useful in case the route added did not start with "add" so default removal of the route is disabled.

     proxy_arp=ifname
          specifies that an ARP table entry for the IP address of the remote system should be added using the MAC address of the specified interface.

     -proxy_arp
          turns off the default addition of an ARP table entry for the remote system. Otherwise, if the IP address of the remote system has a network number equal to one of the non-point-to-point interfaces of the local system, then a suitable proxy-ARP table entry will be added.

     uucp_name=uname
          specifies a name in the /etc/uucp/Systems file for dialing. Its default value is the remote machine name. UUCP hostnames can be at most 7 or sometimes 8 characters long. It is useful to use one name for dialing and another for TCP/IP when the more public, harder to change TCP/IP name is longer than 7 characters.

     localhost=ipname[,mask]
          specifies one of the set of IP addresses for the local end of the PPP link.
          Additional instances of the keyword add to the set of acceptable local addresses. During the IP part of negotiations during the PPP connection initiation, the local machine insists that the negotiated address be a member of the set.

          The ipname can be a hostname or a numeric IP address. If absent, the mask is assumed to be "255.255.255.255". The pair (ipname,mask) specifies all IP addresses such that ipname&~mask=0, or in other words, all addresses that match modulo the mask. (Note that this mask has nothing to do with a "netmask.") If there is more than one localhost keyword in a single line in the control file, the set used during negotiations is the union of the sets specified by all of the keywords. Use localhost=0,0 to let the remote machine pick any IP address for this machine.

          If the set consists of a single IP address (e.g. a single localhost keyword with a default mask or a mask of 255.255.255.255), the local machine will not only reject requests to use any other address, but will also propose the address with IPCP configuration request packets.

          If there are no localhost keywords, the set of local addresses defaults to the address of the local machine. The default is usually appropriate, whether connecting two ethernets or extending an ethernet to a distant, isolated workstation. When connecting isolated workstations, it is best to use a single network number and allocate host numbers on that network for remote workstations.

     remotehost=ipname[,mask]
          specifies one of the set of IP addresses of the remote end of the PPP link. It behaves just like the localhost keyword, except that the remote end of link is being named and the default is the label of the control file entry or the UUCP name, if either is a valid hostname. If neither is a valid hostname, it defaults to remotehost=0,0 to let the remote machine negotiate any IP address it wants.
          In quiet mode, the IP addresses of the PPP link are configured before the other machine is contacted, since the rest of the system must know the addresses in order to send traffic over the link to cause the link to be dialed. That means that in quiet mode, the IP addresses cannot be defaulted or negotiated.

     localif=ifname
          specifies a 64-bit interface identifier for the local end of the PPP link. ifname must be in the "colon-hexadecimal" notation used for IPv6 addresses, e.g., "ffff:0123:4567:89ab" or "::abcd". (A complete IPv6 address, e.g., fe80::ffff:0123:4567:89ab, may be specified; however, the upper 64 bits will be ignored.)

          If the localif keyword is not used, the interface identifier will be derived from a local ethernet address, if an ethernet interface exists on the local system; if no ethernet interface exists, a random 48-bit number will be used to generate an "ethernet-like" address, from which the 64-bit interface identifier will be constructed. If the remote system rejects ifname, another interface identifier will be assigned to the local end of the PPP link.

     remoteif=ifname
          specifies a 64-bit interface identifier to be offered for use by the remote system. ifname must be in the "colon-hexadecimal" notation used for IPv6 addresses, e.g., "ffff:0123:4567:89ab" or "::abcd". (A complete IPv6 address, e.g., fe80::ffff:0123:4567:89ab, may be specified; however, the upper 64 bits will be ignored.)

          The remote system always has the opportunity to specify the interface identifier for the remote end of the PPP link. Only if the remote system fails to specify an interface identifier, or we reject the specified identifier, is ifname used.
          If the remoteif keyword is not used and the remote host fails to offer an acceptable interface identifier then we generate an interface identifier derived from a local ethernet address, if an ethernet interface exists on the local system; if no ethernet interface exists, a random 48-bit number will be used to generate an "ethernet-like" address, from which the 64-bit interface identifier will be constructed.

     rem_sysname=name
          specifies a name for the remote system. This name may differ from the remote hostname of the system. By default, this name is the same as the label of the control file entry, specified with -r or the environment variable $USER. This control is necessary only when MP Endpoint Discriminators are turned off or not supported by the peer.

     -addr_negotiate
          disables IPCP address negotiation. This is useful only when the peer does not implement the ADDR Configure-Request option, the default values for remotehost and localhost are correct, and it is worthwhile to save the cost of an extra round of Configure-Reject and Configure-Request. Use of this facility should be avoided, because it disables the detection of one of the most common configuration errors.

     active_timeout=secs
          sets the number of seconds of idleness while at least one TCP connection seems to be open before the PPP link is broken. The lower layers snoop on packets to infer the number of open TCP connections that go over the link. This snooping cannot be made entirely reliable, because the end of the connection may be a distant machine that forwards only some of its packets through this machine, and because only TCP/IP packets transmitted by this machine are observed.

          The active timeout must be no smaller than the inactive_timeout. See the quiet mode. In quiet mode, the active_timeout defaults to the inactive_timeout, and if neither is specified, the active_timeout defaults to 300 and the inactive_timeout to 30 seconds.
          Such values limit many telephone calls for quick, automatic transactions like email to less than a minute, without making interactive sessions painful. As long as you type at least once every 5 minutes in an interactive session, the link will remain active.

     inactive_timeout=secs
          sets the number of seconds of idleness while no TCP connections seem to be open before the PPP link is broken. This timeout must be no larger than the active_timeout. See the quiet mode. In quiet mode, the inactive_timeout defaults to the active_timeout, and if neither is specified, the active timeout defaults to 300 and the inactive timeout to 30 seconds.

          When non-TCP applications are being used, or when applications such as Mosaic, involving many short-lived TCP connections are used, it can be useful to open a TCP connection (e.g. telnet or login) to a remote system to invoke the longer, active_timeout.

          Specifying a timeout with active_timeout or inactive_timeout turns on "demand dialing". See quiet.

     toll_boundary=billing_secs
          overrides active_timeout and inactive_timeout until the link has been active approximately a multiple of billing_secs seconds. For example, if the telephone company bills for complete minutes, an idle link may as well remain connected until near the end of the current minute.

     busy_delay=secs
          sets the delay before complete saturation of the current links causes the addition of an additional line, provided there are fewer lines currently active than specified with outdevs. The default delay is 10 seconds, and it is always rounded up to a multiple of 5 seconds.

     idle_delay=secs
          sets the period of at least partial idleness with no moments of complete saturation of the links before one of the active lines in excess of the number specified with mindevs is turned off. Only links started by the local machine are turned off when they are idle. If all links are completely idle, the active_timeout and inactive_timeout will turn off all lines, including incoming lines.
          The default delay is 30 seconds, and it is always rounded up to a multiple of 5 seconds.

     bps=num
          overrides the automatic measurements of the speed of the device.

     maxdevs=num
          changes the maximum number of multilink serial lines. Connections in excess of this number are refused.

     outdevs=num
          sets the maximum number of multilink serial lines that will be used when originating a call. If the maxdevs value is greater than the outdevs value, additional incoming connections in excess of the outdevs limit are permitted.

     mindevs=num
          changes the minimum number of multilink serial lines (e.g. modems) from the default of 1. An additional connection is attempted whenever there are fewer, provided this system originated the call.

     unsafe_mp
          allows the system answering the phone to add a link to the multilink bundle. This is usually undesirable, unless the other system is too dumb to add links to the bundle when the bundle is saturated.

     -mp
          disables the PPP multilink protocol, MP. The BF&I multilink protocol will be used instead.

     mp_send_ssn
          tries to send short MP sequence numbers.

     mp_recv_ssn
          accepts short MP sequence numbers.

     mp_headers
          requires MP headers even when the bundle consists of a single link.

     -endpoint_discriminator
          turns off endpoint-descriptors when talking to a broken system. Endpoint-descriptors are extremely useful.

     -mp_frag
          avoids MP fragmentation as much as possible.

     map_char_num=num
          adds a character to the list of those that must be escaped when transmitted over the PPP link. Not just control characters, but any character other than the PPP 0x5e can be marked to be escaped. However, only control characters can be negotiated to be escaped when received. See map_char.

     accm=num
          sets the list (Async-Control-Character-Map or ACCM) of characters that must be escaped when transmitted over the PPP link. See map_char.
     map_char=chars
          adds the control characters corresponding to the letters in the string chars to the list of those that must be escaped when transmitted over the PPP link. By default, the list is empty, but other commonly used lists are all (accm=0xffffffff) and NUL, XOFF, and XON (map_char=@QS).

     accm_parity
          causes control characters to be escaped regardless of their "parity" bit.

     -rx_accm
          Control characters that are received from the peer and in the ACCM negotiated with the peer must be discarded according to the PPP standard. This is because there are two reasons for escaping control characters. They might be gratuitously removed by modems or other equipment in the line, or they might be gratuitously added. This switch overrides the default behavior of discarding bytes that should have been escaped but were not.

          The transmit ACCM is separate from the receive ACCM. There is nothing the receiver can do except suggest during the negotiations when the link is made that the transmitter escape more bytes and discard bytes that were not escaped but should have been.

     in
          specifies "input mode" for the ppp program. In this mode, the local machine is expected to accept connections (e.g. telephone calls) for the remote machine. See quiet.

     out
          specifies "output mode" for the ppp program. In this mode, the local machine is expected to initiate the connection to the remote machine (e.g. place the telephone call). Specifying a timeout with active_timeout or inactive_timeout turns on "demand dialing" that differs from "quiet mode" only in immediately making the connection without waiting for traffic. See quiet.

     quiet
          specifies "quiet mode" for the ppp program. When there is traffic, it creates the connection. When the link seems to be idle, it breaks the connection, and later restores it when there is more traffic. This is sometimes called "demand dialing."
          A quiet connection must know both IP addresses before the connection is established, because the connection is not made until traffic is waiting, traffic cannot exist until the remote and local IP addresses are known, and so the normal IP address negotiation mechanism is not available, and so remotehost and localhost must be explicitly specified.

          While a quiet mode connection can be started at the receiving end of a connection, it may not have the desired effect. The daemon does not expect to use the serial connection to its standard input in quiet mode. If started in quiet mode as the result of the remote system dialing in, the daemon will ignore the incoming serial connection. It expects to wait quietly until it sees locally generated traffic and the need to dial its own new link. One might conceivably start a quiet mode daemon remotely for a simple kind of traffic driven or "demand dial-back."

     camp
          turns on "camping," a mode in which the ppp program continually tries to reestablish the link whenever it is broken. Camping can only be used in out mode. When practical, "demand dialing" with quiet mode is more convenient.

     modwait=secs
          sets the number of seconds the modem is allowed to cool before attempting a call. The default is 5 seconds. Too short a delay between attempts to use the modem can cause various messages, including the ever popular "DEVICE LOCKED".

     modtries=num
          sets the number of consecutive tries to dial the remote machine before temporarily giving up, putting the message "giving up for now" into the system log, and flushing the output queue. When demand dialing is used, a new series of attempts will be made soon after a new packet is put into the output queue (see modwait).

     modpause=num
          changes the delay after a failed series of attempts to dial the remote machine from the default of 0 to num seconds.

     restart_ms=milliseconds
          changes the initial delay before retransmitting PPP control packets from the default of 1 second.
     restart_ms_lim=milliseconds
          changes the limit on the binary exponential increase of restart_ms from the default of 8 seconds.

     ccp_restart_ms=milliseconds
          changes the delay before retransmitting CCP (PPP compression control protocol) packets from the default of 6 seconds. This timer has no backoff and starts out longer, because CCP is often done while the link is otherwise very busy. A 3 second timeout is too short on a busy 9600 bit/sec link with a 1500-byte MTU.

     max_FSM_fail=num
          changes the limit on the number of times the PPP finite state machine will attempt to negotiate (i.e. send Configure-Requests and receive Configure-Naks or Configure-Rejects). The default is 10.

     max_FSM_conf=num
          changes the number of times the PPP FSM will send a Configuration-Request without receiving a response before giving up (i.e. send Configure-Requests and no response). The default is 10.

     max_FSM_term=num
          changes the number of times a Terminate-Request will be sent by the local FSM before turning off the link unilaterally. Use max_FSM_term or max_term_ms but not both.

     max_term_ms=milliseconds
          changes the duration Terminate-Requests will be sent by the local FSM before turning off the link unilaterally. Use max_FSM_term or max_term_ms but not both. The default is 7 seconds.

     -LCP_IDENT
          turns off LCP Identification packets. See RFC 1570.

     -LCP_ECHOS
          turns off LCP Echo Requests. By default, an LCP Echo Request packet is sent periodically to ensure that the peer is still working.

     LCP_ECHO_INTERVAL=num
          changes the repetition rate of LCP Echo Requests from its default value of 10 seconds. The new value must be between 1 and 120 seconds.

     -ipv4
          prevents configuration of the link for IPv4. It should never be necessary to use this option, but it might be used when connecting to a host that does not support IPv4.

     -ipv6
          prevents configuration of the link for IPv6. It should never be necessary to use this option, but it might be used when connecting to a host that does not support IPv6.
     noicmp
          causes the system to discard all ICMP packets instead of transmitting them over the link. This is intended for extremely low speed links.

     qmax=num
          sets the maximum depth of the interface queue. The size of the queue can be monitored with the netstat command.

     -telnettos
          turns off the "telnet type of service hack," which tries to give interactive traffic better service by moving ICMP packets and TCP packets to or from ports 23, 513, or 518 to the front of the transmit queue. Note that the IP TOS "low delay" bits are always honored by the PPP driver.

     inact_port=port
          adds the TCP or UDP port number port to the list of ports that are not considered evidence of activity. Traffic transmitted by this machine to ports not in the list causes the system to restore the PPP link (while in quiet mode). The port can be specified by number, service name in /etc/services, or NIS service name. By default, the list contains only ports 13 (daytime), 37 (time), 123 (ntp), 520 (route), and 525 (timed).

     -inact_port
          clears the list of uninteresting port numbers, making all ports evidence of traffic.

     inact_icmp=type
          adds an ICMP packet type to the list of types that are not considered evidence of activity. Other kinds of ICMP packets cause the system to restore the PPP link (while in quiet mode). The packet type must be a number from /usr/include/netinet/ip_icmp.h. By default, the list contains only 5 (ICMP_UNREACH), 4 (ICMP_SOURCEQUENCH), 9 (ICMP_ROUTERADVERT), 10 (ICMP_ROUTERSOLICIT), 13 (ICMP_TSTAMP), and 14 (ICMP_TSTAMPREPLY).

     -inact_icmp
          clears the list of uninteresting ICMP packet types.

     sync
     -sync
          indicate whether the line is "synchronous" or "asynchronous." The default is asynchronous, except when its major device number is known to be that of an ISDN line or when the top-most STREAMS module is not recognized as the familiar module "TTY line discipline."

     xon_xoff
          turns on "XON/XOFF" or "software flow control" when a modem is used. This should be avoided if at all possible.

     -pcomp
          disables PPP LCP protocol field compression. It is on by default.

     -acomp
          disables PPP LCP address and control field compression. It is on by default on asynchronous links.

     -vj_comp
          disables Van Jacobson TCP/IP header compression. It is on by default.

     vj_compslot
          enables compression of the Van Jacobson TCP/IP header compression slot ID. It is off by default, and should be off whenever there is no reliable notification to the kernel PPP code of lost bytes. There is no such notification over IRIX asynchronous serial lines. Van Jacobson header compression is described in RFC 1144.

     -vj_compslot
          disables compression of the Van Jacobson TCP/IP header compression ID.

     vj_slots=slots
          changes the number of Van Jacobson TCP header compression slots from its default of 16.

     -ccp
          disables the Compression Control Protocol and all link layer compression.

     -tx_predictor1
          disables "Predictor Type 1" link layer compression on packets transmitted by this system.

     tx_bsd=bits
          limits to no more than bits the code size of "BSD compress" link layer compression on packets transmitted by this system.

     -tx_bsd
          disables "BSD compress" link layer compression on packets transmitted by this system.

     -rx_predictor1
          disables "Predictor Type 1" link layer compression on packets received by this system.

     rx_bsd=bits
          limits to no more than bits the code size of "BSD compress" link layer compression on packets received by this system.

     -rx_bsd
          disables "BSD compress" link layer compression on packets received by this system.

     "BSD compress" code sizes of 9 to 15 bits are allowed. "BSD compress" compression is more effective but requires more CPU cycles than "Predictor Type 1." "BSD compress" code sizes larger than 12 require more system memory than "Predictor Type 1." Packets are not compressed unless both the transmitting and receiving systems agree. BSD compress is preferred when both BSD compress and Predictor are enabled and permitted by the other system.
     Both 12-bit "BSD Compress" and "Predictor Type 1" compression are enabled by default. When both are enabled, "BSD Compress" is preferred. The compression a system uses on the packets it transmits is chosen and negotiated independently of the compression it expects to see on the packets it receives.

     stream_module=sname
          adds the stream module with name sname to the list of modules that will be pushed onto the STREAMS device beneath the two PPP modules. The modules are pushed in the order they are named.

     The ppp program must be killed to finally terminate a link that is "camping" or in "quiet" mode (see kill(1) or killall(1M)). The TERM or INT signals, as in `killall -v -TERM ppp`, are best because they allow the ppp program to notify the other machine that the link is being turned off.

   Installation Notes

     The program uses the dialing information on each appropriate line of the /etc/uucp/Systems file until it succeeds. This can be useful if there is more than one telephone number that might be used to contact the remote machine.

     A /etc/uucp/Systems line like the following works well to call an IRIS running this ppp software:

          rmt Any ACUSLIP 19200 5551234 "" @\r\c ogin: mynam ssword: xxx PPP

     The last check for "PPP," output by the ppp program on the remote IRIS just before it starts the IP protocol, ignores banners or messages of the day. It ensures the remote machine is not waiting for an additional password. The check for "PPP" may not be appropriate with other brands of computer.

     The following shell script can be used to start the connection with the Systems file entry above:

          #!/bin/sh
          exec </dev/null >/dev/null 2>&1
          /usr/etc/ppp -r rmt $* &

     The following sample PPP configuration file assumes a "quiet" mode:

          # common parameters
          me      add_route               #install default route

          # special parameters for rmt,
          rmt     remotehost=rmt.foo.bar.com
                  quiet                   #requires both host names be known
          #       uucp_name=rmt           #not needed, since same as default
                  continue=me

          # another host that can use parallel links, and correctly negotiates
          # its IP address, and uses ISDN and so needs PAP authentication.
          other   remotehost=0
                  outdevs=2
                  send_name=mynam
                  send_passwd=guess@it
                  continue=me

          # common entry for incoming ISDN connections
          _ISDN_INCOMING  continue=_INCOMING
          # common entry for incoming WSYNC connections
          _WSYNC_INCOMING continue=_INCOMING

          _INCOMING       reconfigure

     A machine which has no network connection other than a PPP link should use a terminator on its ethernet port, and so act as if it has a valid although very small local area network.

     Because the ppp program can use the UUCP control files, the best way to install a PPP connection is to first install a UUCP connection. So, one first creates appropriate entries in the /etc/uucp/Dialers, /etc/uucp/Devices, and /etc/uucp/Systems files, and then "debugs" the connection with cu -d remotesystem.

     A server which other machines call to use PPP should establish separate "user names" in /etc/passwd (see passwd(4)), all using the ppp program as their "login shell." Each username should be the same as a remote machine name starting a line in the control file, thereby choosing appropriate parameters for the link. Since the ppp command configures network interfaces, it must be executed with UID 0, and so the password entry on the remote system should use UID 0.

     Routing daemons can be used to exchange RIP packets (see routed(1M) or gated(1M)) over the link, as well as advertise the link to the rest of the IP network.
     The -h option to routed can usefully reduce the resulting clutter of "host-routes." The -F option to routed on the machine gatewaying a point-to-point link to an ethernet sends a synthetic "default route" over the PPP link instead of the full routing tables, making the cost of running RIP over the link negligible.

     Each time the link is (re)established, the program sends a SIGHUP signal to the gated and routed daemons, if they are running. This causes the routing daemons to more quickly notice the (probably) new network interface and to start advertising adjusted routes. It also causes a "killed" message in the debugging output.

     Static routing can be used instead of a routing daemon with the add_route control file keyword or with route(1M) commands in an /etc/init.d/network.local file associated with the /etc/init.d/network file.

     Note that a ppp program using demand-dialing ("quiet" mode in the control file) can call another ppp program which is in input, output, or demand-dialing mode. In case the other system is calling this system, demand-dialing uses random binary exponential backoffs after failed attempts.

     The network information service (NIS, see ypbind(1M)) is not often useful over a PPP link. It is usually necessary to use local copies of mail aliases. However, the Internet domain name server can be useful, by creating a /usr/etc/resolv.conf file (see resolver(4)) similar to the following but with the addresses and domain name changed appropriately:

          domain your.dom.ain
          hostresorder local bind
          nameserver 192.26.61.24
          nameserver 192.26.61.21
          nameserver 192.26.51.194

     It is possible to use NFS over a PPP link, but it is necessary to adjust the mount options for the relatively long latencies and low bandwidth (see automount(1M) and fstab(4)). Timeouts should be set long enough to allow a complete transaction to pass the link before becoming too late, and having to be retransmitted.
     A plausible value for timeo with default 8KByte block sizes over a 19.2Kbit/s link is 90, for 9 seconds. It can be useful to increase the attribute timeouts substantially, to minutes.

     To synchronize clocks over a PPP link timed can be used, but timeslave is often more accurate.

     Once each day at about midnight, if the ppp program has been running for at least several hours, it logs some statistics concerning its work for the previous 24 hours.

DIAGNOSTICS
     Error messages complaining that "I_PUSH" failed mean that the kernel does not contain the required PPP STREAMS modules, if_ppp and ppp_fram.

FILES
     /etc/ppp.conf                   default control file
     /etc/init.d/network             network start-up script
     /etc/passwd
     /var/adm/SYSLOG                 system log for debugging messages
     /etc/uucp/Systems               "modem chat scripts"
     /etc/uucp/Dialers               "chat scripts" to control modems
     /etc/uucp/Devices               tty port/modem configurations
     /etc/hosts                      hostname database
     /var/sysgen/master.d/if_ppp     kernel STREAMS module
     /var/sysgen/master.d/ppp_fram
     /var/sysgen/boot/if_ppp.o
     /var/sysgen/boot/ppp_fram.o
     /tmp/.ppp-rendezvous            rendezvous for demand dialing and pppstat
     /dev/tty[dmf]x                  tty port attached to modem.

SEE ALSO
     chkconfig(1M), cu(1), getty(1M), ifconfig(1M), icmp(7P), isdn(7M), gated(1M), master(4), passwd(4), pppstat(1m), resolver(4), routed(1M), slip(1m), syslog(1M), wsyncd(1M), uucico(1M)

BUGS
     Only IP datagrams (and so TCP, UDP, NFS, and so on) are currently supported.
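
The rules this page states for the control file and for dial-in accounts (file owned by and readable only by UID 0, every account whose login shell is ppp using UID 0 and named after a control-file label) can be checked mechanically. The following audit is an added example, not part of the original manual page or of the IRIX software. It assumes a seven-field passwd line, /usr/etc/ppp as the shell path, and send_passwd as the only secret keyword checked; backslash escapes are left to shlex, and the sample inputs are constructed.

```python
import shlex

# Constructed sample inputs, modelled on the sample control file in this page.
SAMPLE_CONF = """\
# common parameters
me      add_route               #install default route
rmt     remotehost=rmt.foo.bar.com
        quiet                   #requires both host names be known
        continue=me
other   remotehost=0 outdevs=2
        send_name=mynam send_passwd="guess@it"
        continue=me
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/:/bin/sh
rmt:x:0:0:PPP from rmt:/:/usr/etc/ppp
other:x:1001:20:PPP from other:/:/usr/etc/ppp
stray:x:0:0:retired link:/:/usr/etc/ppp
"""

def parse_conf(text):
    """Map each label to its keyword list: labels start in column 0,
    continuation lines start with a blank or tab, '#' begins a comment."""
    entries, label = {}, None
    for raw in text.splitlines():
        toks = shlex.split(raw, comments=True)   # honours quoted values
        if not toks:
            continue
        if raw[0] not in " \t":                  # a new entry
            label, toks = toks[0], toks[1:]
            entries.setdefault(label, [])
        if label is not None:
            entries[label] += toks
    return entries

def audit(conf_text, passwd_text, conf_uid, conf_mode, shell="/usr/etc/ppp"):
    """Return sorted (subject, problem) findings for the rules stated above."""
    entries, out = parse_conf(conf_text), []
    secret = sorted(l for l, kws in entries.items()
                    if any(k.lower().startswith("send_passwd=") for k in kws))
    if conf_uid != 0 or conf_mode & 0o077:       # any group/other bit is too loose
        out.append(("control file", "not owned by and readable only by UID 0; "
                    "send_passwd present for: " + (", ".join(secret) or "none")))
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or f[6] != shell:         # only accounts whose shell is ppp
            continue
        if f[2] != "0":
            out.append((f[0], "ppp login shell but UID %s, not 0" % f[2]))
        if f[0] not in entries:
            out.append((f[0], "no control-file entry with this label"))
    return sorted(out)
```

On a live system, take conf_uid and conf_mode from os.stat() of the control file (st_uid, and stat.S_IMODE(st_mode)).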