Provided by: manpages-zh_1.5.1-1_all bug

NAME

       pppd - 點對點協議守護進程

` SYNOPSIS
       pppd [ tty_name ] [ speed ] [ options ]

yz
       點對點協議          (PPP)          提供一種在點對點串列線路上傳輸資料流
       (datagrams)的方法。PPP是由三茬‘魕珩捰赤滿G一茼b串列線
       路上封裝(encapsulating)資料流的方法,一茈i延伸的連結控制
       協定(LinkControlProtocol:LCP),以及一些用來建立並配置不
       同網路層協定的網路控制協定(NetworkControlProtocols:NCP)

       封裝的機制(scheme)是由核心中的驅動程式碼來提供。pppd提供
       基本的LCP,驗証(authentication)的支援,以及一茈峔茷堨
       並配置網際網路協定(InternatProtocol(IP))(叫做IP控制
       協定,IPCP)的NCP。

` FREQUENTLY USED OPTIONS
       <tty_name>
               在該名稱的設備上進行通訊。如果需n的話可以前置一
              "/dev/"字串。如果沒有給設備名稱,pppd將會使用控制
              台的終端機(controllingteriminal),並且產生(fork)出
              來時將不會把自己放到I景去。

       <speed>
               將波特率設為speed。在像是4.4BSD以及NetBSA的系
              統上,可以指定任何速率。其他系統(e.g.SunOs)只允 釵釭煽X種速率。

       asyncmap <map>
               把非同步(async)字元設為對照到。這蚢儱茠                   描z-
              些控制字元不能在串列線路上成它a接收。pppd將      會n求彼端以兩-
              茼鴗葡晡熄h出序列(escapesequence)來
              傳送這些字元。其參數是32位元的十六進位數字而每      位元代表一-
              荓o避開(escape)的字元。位元0(00000001)
              代表字元0x00;位元31(80000000)代表字元0x1f或   是^_。如果給了多-
              羖syncmap選項,這些數|以邏
              輯的或(OR)合在一起。如果沒有給asyncmap選項,將沒
              有非同步字元對照表會被加以協商來導引接收。這樣彼端
              將會避開所有的控制字元。

       auth   n求彼端在允雀e或接收網路封包之前先驗証它自己。  This option is
              the default if the system has a default route.  If neither  this
              option  nor the noauth option is specified, pppd will only allow
              the peer to use IP  addresses  to  which  the  system  does  not
              already have a route.

       call name
              Read  options  from the file /etc/ppp/peers/name.  This file may
              contain privileged options, such as noauth, even if pppd is  not
              being  run  by  root.   The  name string may not begin with / or
              include .. as a pathname component.  The format of  the  options
              file is described below.

       connect script
               使用以所指定的可執行指令或是shell指令來設定       串列線路。這-
              茷令稿一般會使用"chat"程式來撥數據
              機並開始遠端ppp區段作業(session)。  A value for this option from
              a privileged source cannot be  overridden  by  a  non-privileged
              user.

       crtscts
              使用硬體流量控制(i.e.RTS/CTS)來控制串列埠上的資料流。 If neither
              the crtscts, the nocrtscts, the cdtrcts nor the nocdtrcts option
              is  given, the hardware flow control setting for the serial port
              is left unchanged.  Some serial ports (such as Macintosh  serial
              ports)  lack  a true RTS output. Such serial ports use this mode
              to implement unidirectional flow control. The serial  port  will
              suspend  transmission  when requested by the modem (via CTS) but
              will be  unable  to  request  the  modem  stop  sending  to  the
              computer.  This  mode  retains the ability to use DTR as a modem
              control line.

       defaultroute
               當IPCP協商完全成幼氶A增加一蚢w設遞送路徑到系統
              的遞送表,將彼端當作閘道器使用。這荈等埵bppp連線 中斷後會移除。

       disconnect script
               在pppd已經終結該連線之後執行以所指定的可執行
              指令或是shell指令。這茷令稿可以用來,例如,如果
              硬體的數據機控制信號無法使用時,發出指令給數據機使  其掛斷電話。
              The disconnect script is not run if the modem has  already  hung
              up.   A value for this option from a privileged source cannot be
              overridden by a non-privileged user.

       escape xx,yy,...
               指定在傳輸上確實應該n避開的字元(不管對方是否有用
              它的非同步控制字元對照表n求避開它怴^。這些n被避
              開的字元是以用逗號隔開的一串十六進位數字指定的。n
              注意到幾乎任何字元都可以用escape選項指定避開,不
              像asyncmap選項只允釩定控制字元。不能避開的字元
              是那些有十六進位0x20-0x3f或是0x5e者。

       file name
               從檔案裏讀取選項(其格式敘z在後)  The file must be readable by
              the user who has invoked pppd.

       init script
              Run the executable or  shell  command  specified  by  script  to
              initialize the serial line.  This script would typically use the
              chat(8) program to configure the modem to enable auto answer.  A
              value  for  this  option  from  a  privileged  source  cannot be
              overridden by a non-privileged user.

       lock   指定pppd應該在此串列設備上使用UUCP式的鎖定以確
              定對該設備為互斥(exclusive)存取。

       mru n  把MRU[MaximumReceiveUnit最大接收單元]的]為
              n來進行協商。pppd將會n求彼端傳送不比位元組
              更長的封包。最小的MRUO128。預設的MRUh是
              1500。對於慢速線路上的建議O296(其中40茼鴗
              組給TCP/IP表頭+256茼鴗葡晡爾禤^。
               (Note that for IPv6 MRU must be at least 1280)

       mtu n                       將MTU[MaximumTransmitUnit最大傳輸單元]的]
              為n。除非彼端經由MRU協商n求一荍韝p的Apppd                將會-
              n求核心網路程式碼透過PPP網路界惟珔e的資料 封包不超過n茼鴗葡捸C
               (Note that for IPv6 MTU must be at least 1280)

       passive
               在LCP中開啟"passive"選項。加上這蚇龠窗Apppd將     會試圖初使一-
              茬s線;如果沒有從彼端接收到回應,那麼
              pppd將只會被動地等待從彼端所傳來的一茼陵鶉CP封
              包(代替結束離開,就像它在沒有這蚇龠筑肊狶@的)。

 OPTIONS
       <local_IP_address>:<remote_IP_address>
               設定本地以及/或是遠端界悸截P位址。兩者之中的任           何一-
              茬ㄔi以省略。該IP位址可以利用主機名稱或者是            十進位數-
              [小數點符號指定(e.g.150.234.56.78)。
              預設的本地位址是系統的(第一荂^IP位址(除非有加上
              noipdefault選項)。遠端位址如果沒有在任何選項中指
              定的話將從彼端取得。因此,在簡單的案例中,這蚇龠
              不是必須的。如果有一茈誚a以及/或是遠端的IP位址            以這-
              蚇龠等[以指定的話,pppd將不會接受在IPCP協商
              中從彼端所傳來不同的A除非加上ipcp-accept-local
              以及/或是ipcp-accept-remote選項,荍O地。

       ipv6 <local_interface_identifier>,<remote_interface_identifier>
              Set the local and/or remote 64-bit interface identifier.  Either
              one may be omitted. The identifier must be specified in standard
              ascii notation of IPv6  addresses  (e.g.  ::dead:beef).  If  the
              ipv6cp-use-ipaddr  option  is given, the local identifier is the
              local IPv4 address (see above).  On  systems  which  supports  a
              unique  persistent  id, such as EUI-48 derived from the Ethernet
              MAC address, ipv6cp-use-persistent option can be used to replace
              the  ipv6  <local>,<remote>  option. Otherwise the identifier is
              randomized.

       active-filter filter-expression
              Specifies a packet filter to  be  applied  to  data  packets  to
              determine which packets are to be regarded as link activity, and
              therefore reset the idle timer, or cause the link to be  brought
              up   in   demand-dialling   mode.   This  option  is  useful  in
              conjunction with the idle option if there are packets being sent
              or  received  regularly  over  the  link  (for  example, routing
              information packets) which would otherwise prevent the link from
              ever  appearing  to be idle.  The filter-expression syntax is as
              described for  tcpdump(1),  except  that  qualifiers  which  are
              inappropriate  for  a  PPP  link, such as ether and arp, are not
              permitted.  Generally the filter expression should  be  enclosed
              in  single-quotes  to  prevent whitespace in the expression from
              being interpreted by the shell. This option  is  currently  only
              available  under  NetBSD,  and  then only if both the kernel and
              pppd were compiled with PPP_FILTER defined.

       allow-ip address(es)
              Allow peers to use  the  given  IP  address  or  subnet  without
              authenticating  themselves.  The parameter is parsed as for each
              element of the list of allowed IP addresses in the secrets files
              (see the AUTHENTICATION section below).

       bsdcomp nr,nt
              Request  that the peer compress packets that it sends, using the
              BSD-Compress scheme, with a maximum code size of  nr  bits,  and
              agree  to  compress packets sent to the peer with a maximum code
              size of nt bits.  If nt is not specified,  it  defaults  to  the
              value given for nr.  Values in the range 9 to 15 may be used for
              nr and nt; larger values give  better  compression  but  consume
              more kernel memory for compression dictionaries.  Alternatively,
              a  value  of  0  for  nr  or  nt  disables  compression  in  the
              corresponding  direction.  Use nobsdcomp or bsdcomp 0 to disable
              BSD-Compress compression entirely.

       cdtrcts
              Use a non-standard  hardware  flow  control  (i.e.  DTR/CTS)  to
              control  the  flow  of  data on the serial port.  If neither the
              crtscts, the nocrtscts, the cdtrcts nor the nocdtrcts option  is
              given,  the hardware flow control setting for the serial port is
              left unchanged.  Some serial ports  (such  as  Macintosh  serial
              ports)  lack  a true RTS output. Such serial ports use this mode
              to implement true bi-directional flow control. The sacrifice  is
              that this flow control mode does not permit using DTR as a modem
              control line.

       chap-interval n
               如果有給這蚇龠窗Apppd將會每n 秒奐s盤查彼端。

       chap-max-challenge n
               將CHAP盤查(challenge)傳輸的最大數目設為n(預 設為10)。

       chap-restart n
               將CHAP奐s開始的間隔(奐s傳輸的時間制)設為n 秒鐘(預設為3)。

       connect-delay n
              Wait for up n milliseconds after the connect script finishes for
              a  valid  PPP packet from the peer.  At the end of this time, or
              when a valid PPP packet is received from  the  peer,  pppd  will
              commence  negotiation  by  sending  its  first  LCP packet.  The
              default value is 1000 (1 second).  This wait period only applies
              if the connect or pty option is used.

       debug  遞增偵錯層級(與-d相同)。如果加上這蚇龠窗Apppd
              將以可供嬝牧漁璁※O錄所有傳送或接收的控制封包內容。
              這些封包透過syslog以facilitydaemon還有level
              debug加以記錄。該資訊可以適當設定/etc/syslog.conf    來導向到一-
              蚗仵蚰h。(參餘og.conf(5))。(如果
              pppd以開啟擴充偵錯(extradebugging)編譯的話,它將
              會使用facilitylocal2取代daemon來記錄訊息)。

       default-asyncmap
              Disable  asyncmap negotiation, forcing all control characters to
              be escaped for both the transmit and the receive direction.

       default-mru
              Disable MRU  [Maximum  Receive  Unit]  negotiation.   With  this
              option,  pppd  will  use the default MRU value of 1500 bytes for
              both the transmit and receive direction.

       deflate nr,nt
              Request that the peer compress packets that it sends, using  the
              Deflate  scheme,  with a maximum window size of 2**nr bytes, and
              agree to compress packets sent to the peer with a maximum window
              size of 2**nt bytes.  If nt is not specified, it defaults to the
              value given for nr.  Values in the range 9 to 15 may be used for
              nr  and  nt;  larger  values give better compression but consume
              more kernel memory for compression dictionaries.  Alternatively,
              a  value  of  0  for  nr  or  nt  disables  compression  in  the
              corresponding direction.  Use nodeflate or deflate 0 to  disable
              Deflate  compression  entirely.   (Note:  pppd  requests Deflate
              compression in preference to BSD-Compress if  the  peer  can  do
              either.)

       demand Initiate  the  link  only  on  demand, i.e. when data traffic is
              present.  With this  option,  the  remote  IP  address  must  be
              specified by the user on the command line or in an options file.
              Pppd will initially configure the interface and enable it for IP
              traffic  without  connecting  to  the  peer.   When  traffic  is
              available,  pppd  will  connect  to   the   peer   and   perform
              negotiation,  authentication, etc.  When this is completed, pppd
              will commence passing data packets (i.e., IP packets) across the
              link.

              The demand option implies the persist option.  If this behaviour
              is not desired,  use  the  nopersist  option  after  the  demand
              option.   The  idle  and  holdoff  options  are  also  useful in
              conjuction with the demand option.

       domain d
               新增領域名稱到本地主機名稱以支援驗証。例如,如
              果gethostname()回應porsche這茼W稱,但是完整合
              格的領域名稱是porsche.Quotron.COM的話,你可以使用
              domain選項來將領域名稱設為Quotron.COM。
               Pppd would then use the name porsche.Quotron.COM for looking up
              secrets in the secrets file, and as the default name to send  to
              the peer when authenticating itself to the peer.  This option is
              privileged.

       dryrun With the dryrun option, pppd  will  print  out  all  the  option
              values  which  have  been  set  and then exit, after parsing the
              command line and options files and checking the  option  values,
              but before initiating the link.  The option values are logged at
              level info, and also  printed  to  standard  output  unless  the
              device on standard output is the device that pppd would be using
              to communicate with the peer.

       dump   With the dump option, pppd will print out all the option  values
              which  have  been  set.   This  option is like the dryrun option
              except that pppd proceeds as normal rather than exiting.

       endpoint <epdisc>
              Sets the endpoint discriminator sent by the local machine to the
              peer  during  multilink negotiation to <epdisc>.  The default is
              to use the MAC address of the first ethernet  interface  on  the
              system,  if any, otherwise the IPv4 address corresponding to the
              hostname, if any,  provided  it  is  not  in  the  multicast  or
              locally-assigned  IP  address  ranges, or the localhost address.
              The endpoint discriminator can be the string null or of the form
              type:value, where type is a decimal number or one of the strings
              local, IP, MAC, magic, or phone.  The value is an IP address  in
              dotted-decimal notation for the IP type, or a string of bytes in
              hexadecimal, separated by periods or colons for the other types.
              For  the MAC type, the value may also be the name of an ethernet
              or similar network interface.  This  option  is  currently  only
              available under Linux.

       hide-password
              When  logging  the  contents  of PAP packets, this option causes
              pppd to exclude the password string from the log.  This  is  the
              default.

       holdoff n
              Specifies how many seconds to wait before re-initiating the link
              after it terminates.  This option only has  any  effect  if  the
              persist  or  demand  option  is used.  The holdoff period is not
              applied if the link was terminated because it was idle.

       idle n Specifies that pppd should disconnect if the link is idle for  n
              seconds.   The  link  is  idle  when  no  data  packets (i.e. IP
              packets) are being sent or received.  Note: it is not  advisable
              to  use  this  option with the persist option without the demand
              option.  If the active-filter  option  is  given,  data  packets
              which  are  rejected by the specified activity filter also count
              as the link being idle.

       ipcp-accept-local
              加上這蚇龠答爾隉Apppd將會接受彼端對於本地IP位址
              的意見,即使本地的IP位址已經在某蚇龠竣井定。

       ipcp-accept-remote
              加上這蚇龠答爾隉Apppd將會接受彼端對於它的IP位址
              的意見,即使遠端的IP位址已經在某蚇龠竣井定。

       ipcp-max-configure n
               將IPCP配置n求(configure-request)傳輸的最大數目設
              為n(預設為10)。

       ipcp-max-failure n
              將開始傳送配置拒絕(configure-Rejects)之前的IPCP配
              置未接收(configure-NAKs)的最大數目以取代n(預設 為10)。

       ipcp-max-terminate n
               將IPCP終結n求(terminate-request)傳輸的最大數目設             為
              n(預設為3)。

       ipcp-restart n
               將IPCP奐s開始的間隔(奐s傳輸的時間制)設為n 秒鐘(預設為3)。

       ipparam string
              Provides  an  extra  parameter to the ip-up and ip-down scripts.
              If this option is given, the string supplied is given as the 6th
              parameter to those scripts.

       ipv6cp-max-configure n
              Set the maximum number of IPv6CP configure-request transmissions
              to n (default 10).

       ipv6cp-max-failure n
              Set the maximum number of IPv6CP configure-NAKs returned  before
              starting to send configure-Rejects instead to n (default 10).

       ipv6cp-max-terminate n
              Set the maximum number of IPv6CP terminate-request transmissions
              to n (default 3).

       ipv6cp-restart n
              Set the IPv6CP restart interval (retransmission  timeout)  to  n
              seconds (default 3).

       ipx    Enable  the  IPXCP  and IPX protocols.  This option is presently
              only supported under Linux, and only if  your  kernel  has  been
              configured to include IPX support.

       ipx-network n
              Set  the IPX network number in the IPXCP configure request frame
              to n, a hexadecimal number (without a leading 0x).  There is  no
              valid  default.   If  this  option is not specified, the network
              number is obtained from the peer.  If the peer does not have the
              network number, the IPX protocol will not be started.

       ipx-node n:m
              Set  the  IPX  node  numbers. The two node numbers are separated
              from each other with a colon character. The first  number  n  is
              the  local  node  number. The second number m is the peer's node
              number. Each node number is a hexadecimal  number,  at  most  10
              digits long. The node numbers on the ipx-network must be unique.
              There is no valid default. If this option is not specified  then
              the node numbers are obtained from the peer.

       ipx-router-name <string>
              Set  the name of the router. This is a string and is sent to the
              peer as information data.

       ipx-routing n
              Set the routing protocol to be received  by  this  option.  More
              than  one  instance  of ipx-routing may be specified. The 'none'
              option (0) may be specified as the only instance of ipx-routing.
              The values may be 0 for NONE, 2 for RIP/SAP, and 4 for NLSP.

       ipxcp-accept-local
              Accept  the peer's NAK for the node number specified in the ipx-
              node option. If a node number was specified, and  non-zero,  the
              default is to insist that the value be used. If you include this
              option then you will permit the peer to override  the  entry  of
              the node number.

       ipxcp-accept-network
              Accept  the  peer's  NAK for the network number specified in the
              ipx-network option. If a network number was specified, and  non-
              zero,  the  default  is to insist that the value be used. If you
              include this option then you will permit the  peer  to  override
              the entry of the node number.

       ipxcp-accept-remote
              Use the peer's network number specified in the configure request
              frame. If a node number was specified  for  the  peer  and  this
              option  was  not  specified,  the peer will be forced to use the
              value which you have specified.

       ipxcp-max-configure n
              Set the maximum number of IPXCP configure request  frames  which
              the system will send to n. The default is 10.

       ipxcp-max-failure n
              Set  the  maximum  number  of  IPXCP  NAK frames which the local
              system will send before it  rejects  the  options.  The  default
              value is 3.

       ipxcp-max-terminate n
              Set  the  maximum nuber of IPXCP terminate request frames before
              the local system considers that the peer  is  not  listening  to
              them. The default value is 3.

       kdebug n
              開啟核心層級中的PPP驅動程式偵錯碼。The argument values depend on
              the specific kernel driver, but in general a  value  of  1  will
              enable general kernel debug messages.  (Note that these messages
              are usually only useful for debugging the kernel driver itself.)
              For   the   Linux   2.2.x   kernel  driver,  參數n是一  由下列-
              珩捰X的數字:1開啟一般偵錯訊息,2n求印
              出所接收到的封包內容,而4n求印出傳輸的封包內容。     On     most
              systems, messages printed by the kernel are logged by  syslog(1)
              to  a  file  as  directed  in the /etc/syslog.conf configuration
              file.

       ktune  Enables pppd to alter kernel  settings  as  appropriate.   Under
              Linux,    pppd    will    enable   IP   forwarding   (i.e.   set
              /proc/sys/net/ipv4/ip_forward to 1) if the  proxyarp  option  is
              used,  and  will  enable the dynamic IP address option (i.e. set
              /proc/sys/net/ipv4/ip_dynaddr to 1) in demand mode if the  local
              address changes.

       lcp-echo-failure n
               如果有給這蚇龠窗A那麼如果傳送n粌CP回應n求沒
              有接收到有效的LCP回應回覆的話pppd將會推測彼端是
              死掉的。如果發生這種情形,pppd將會終結該連線。這    選項的使用-
              n求一茷D零的lcp-echo-interval參數C                         這-
              蚇龠等i以用在硬體數據機控制線路無法使用的情況下
              當實際連線被中斷之後(e.g.,數據機已經掛斷)終結 pppd的執行。

       lcp-echo-interval n
              如果有給這蚇龠窗Apppd每秒將會送出一粌CP回                    應-
              n求(echo-request)封包(frame)給彼端。在Linux系        統下,回應-
              n求在n秒內沒有從彼端接收到封包時會被送 出。一般彼端應該以傳送一-
              茼^應回覆(echo-reply)來反                       應該回應n求。這-
              蚇龠等i以與lcp-echo-failure選項 一起使用來偵測不再連線的彼端。

       lcp-max-configure n
               將LCP配置n求(configure-request)傳輸的最大數目設
              為n(預設為10)。

       lcp-max-failure n
               將開始傳送配置拒絕(configure-Rejects)之前的LCP配
              置未接收(configure-NAKs)的最大數目設置為n(預設 為10)。

       lcp-max-terminate n
               將LCP終結n求(terminate-request)傳輸的最大數目設
              為n(預設為3)。

       lcp-restart n
              將LCP奐s開始的間隔(奐s傳輸的時間制)設為 秒鐘(預設為3)。

       linkname name
              Sets  the  logical name of the link to name.  Pppd will create a
              file  named  ppp-name.pid  in  /var/run  (or  /etc/ppp  on  some
              systems)  containing  its  process  ID.   This  can be useful in
              determining which instance of pppd is responsible for  the  link
              to a given peer system.  This is a privileged option.

       local  不n使用數據機控制線路。   With this option, pppd will ignore the
              state of the CD (Carrier Detect) signal from the modem and  will
              not change the state of the DTR (Data Terminal Ready) signal.

       logfd n
              Send  log  messages  to  file  descriptor n.  Pppd will send log
              messages to at most one file or  file  descriptor  (as  well  as
              sending  the  log  messages  to  syslog), so this option and the
              logfile option are mutually exclusive.  The default is for  pppd
              to  send  log messages to stdout (file descriptor 1), unless the
              serial port is already open on stdout.

       logfile filename
              Append log messages to the file filename (as well as sending the
              log messages to syslog).  The file is opened with the privileges
              of the user who invoked pppd, in append mode.

       login  使用系統密碼資料庫驗証使用PAP的彼端。 and record the user in the
              system  wtmp file.  Note that the peer must have an entry in the
              /etc/ppp/pap-secrets  file  as  well  as  the  system   password
              database to be allowed access.

       maxconnect n
              Terminate  the connection when it has been available for network
              traffic for n seconds (i.e. n seconds after  the  first  network
              control protocol comes up).

       maxfail n
              Terminate  after  n  consecutive  failed connection attempts.  A
              value of 0 means no limit.  The default value is 10.

       modem  使用數據機控制線路。This  option  is  the  default.   With  this
              option,  pppd  will wait for the CD (Carrier Detect) signal from
              the modem to be asserted when opening the serial device  (unless
              a  connect  script is specified), and it will drop the DTR (Data
              Terminal Ready) signal briefly when the connection is terminated
              and   before   executing  the  connect  script.  在Ultrix上,這-
              蚇龠絲|實作硬 體流量控制,像crtsct選項作的。

       mp     Enables the use of PPP multilink;  this  is  an  alias  for  the
              `multilink'  option.   This  option  is currently only available
              under Linux.

       mpshortseq
              Enables the use of short (12-bit) sequence numbers in  multilink
              headers,  as opposed to 24-bit sequence numbers.  This option is
              only available under Linux, and only has any effect if multilink
              is enabled (see the multilink option).

       mrru n Sets  the  Maximum Reconstructed Receive Unit to n.  The MRRU is
              the maximum size for a received packet on  a  multilink  bundle,
              and  is  analogous  to  the  MRU for the individual links.  This
              option is currently only available under Linux, and only has any
              effect if multilink is enabled (see the multilink option).

       ms-dns <addr>
              If  pppd  is  acting  as a server for Microsoft Windows clients,
              this option allows pppd to supply one or two  DNS  (Domain  Name
              Server)  addresses  to  the clients.  The first instance of this
              option specifies the primary DNS address;  the  second  instance
              (if  given)  specifies  the secondary DNS address.  (This option
              was present in some older versions of pppd under the  name  dns-
              addr.)

       ms-wins <addr>
              If  pppd  is acting as a server for Microsoft Windows or "Samba"
              clients, this option allows pppd  to  supply  one  or  two  WINS
              (Windows   Internet  Name  Services)  server  addresses  to  the
              clients.  The  first  instance  of  this  option  specifies  the
              primary  WINS  address; the second instance (if given) specifies
              the secondary WINS address.

       multilink
              Enables the use of the PPP multilink protocol.  If the peer also
              supports  multilink,  then this link can become part of a bundle
              between the local system and the peer.  If there is an  existing
              bundle  to  the  peer,  pppd will join this link to that bundle,
              otherwise pppd will create a  new  bundle.   See  the  MULTILINK
              section  below.   This  option is currently only available under
              Linux.

       name name
              將本地系統的名稱設為用來進行驗証。 This is a privileged  option.
              With this option, pppd will use lines in the secrets files which
              have name as the second field when looking for a secret  to  use
              in authenticating the peer.  In addition, unless overridden with
              the user option, name will be used as the name to  send  to  the
              peer  when  authenticating  the local system to the peer.  (Note
              that pppd does not append the domain name to name.)

       netmask n
               把該界捱蘢翿遢X設為,這是一茈H〞十進位數[
              小數點〞("decimaldot")符號表示的32位元網路掩碼
              (e.g.255.255.255.0)。If  this  option  is   given,   the   value
              specified is ORed with the default netmask.  The default netmask
              is chosen based on the negotiated remote IP address; it  is  the
              appropriate network mask for the class of the remote IP address,
              ORed with  the  netmasks  for  any  non  point-to-point  network
              interfaces  in the system which are on the same network.  (Note:
              on some platforms, pppd will always use 255.255.255.255 for  the
              netmask,  if  that is the only appropriate value for a point-to-
              point interface.)

       noaccomp
              Disable Address/Control compression in both directions (send and
              receive).

       noauth Do  not require the peer to authenticate itself.  This option is
              privileged.

       nobsdcomp
              Disables BSD-Compress compression;  pppd  will  not  request  or
              agree to compress packets using the BSD-Compress scheme.

       noccp  Disable  CCP  (Compression  Control Protocol) negotiation.  This
              option should only be required if the peer  is  buggy  and  gets
              confused by requests from pppd for CCP negotiation.

       nocrtscts
              Disable hardware flow control (i.e. RTS/CTS) on the serial port.
              If neither the crtscts nor the nocrtscts nor the cdtrcts nor the
              nocdtrcts option is given, the hardware flow control setting for
              the serial port is left unchanged.

       nocdtrcts
              This option is a synonym for nocrtscts. Either of these  options
              will disable both forms of hardware flow control.

       nodefaultroute
              Disable  the  defaultroute option.  The system administrator who
              wishes to prevent users from creating default routes  with  pppd
              can do so by placing this option in the /etc/ppp/options file.

       nodeflate
              Disables  Deflate compression; pppd will not request or agree to
              compress packets using the Deflate scheme.

       nodetach
              Don't  detach  from  the  controlling  terminal.   Without  this
              option,  if  a  serial  device  other  than  the terminal on the
              standard  input  is  specified,  pppd  will  fork  to  become  a
              background process.

       noendpoint
              Disables pppd from sending an endpoint discriminator to the peer
              or accepting one  from  the  peer  (see  the  MULTILINK  section
              below).   This  option  should  only  be required if the peer is
              buggy.

       noip   Disable IPCP negotiation  and  IP  communication.   This  option
              should  only  be required if the peer is buggy and gets confused
              by requests from pppd for IPCP negotiation.

       noipv6 Disable IPv6CP negotiation and IPv6 communication.  This  option
              should  only  be required if the peer is buggy and gets confused
              by requests from pppd for IPv6CP negotiation.

       noipdefault
              關閉在沒有指定本地IP位址時所進行的預設動作,這是
              用來由從主機名稱決定(如果可能的話)決定本地IP位     址。加上這-
              蚇龠答爾隉A彼端將必須在進行IPCP協商時
              (除非在指令列或在選項檔中明確地指定它)提供本地的 IP位址。

       noipx  Disable the IPXCP and IPX protocols.  This option should only be
              required if the peer is buggy and gets confused by requests from
              pppd for IPXCP negotiation.

       noktune
              Opposite of the ktune option; disables pppd from changing system
              settings.

       nolog  Do not send log messages to a file  or  file  descriptor.   This
              option cancels the logfd and logfile options.

       nomagic
              Disable magic number negotiation.  With this option, pppd cannot
              detect a looped-back line.  This option should only be needed if
              the peer is buggy.

       nomp   Disables  the  use  of  PPP multilink.  This option is currently
              only available under Linux.

       nompshortseq
              Disables the use of short (12-bit) sequence numbers in  the  PPP
              multilink  protocol, forcing the use of 24-bit sequence numbers.
              This option is currently only available under  Linux,  and  only
              has any effect if multilink is enabled.

       nomultilink
              Disables  the  use  of  PPP multilink.  This option is currently
              only available under Linux.

       nopcomp
              Disable protocol  field  compression  negotiation  in  both  the
              receive and the transmit direction.

       nopersist
              Exit  once  a  connection has been made and terminated.  This is
              the default  unless  the  persist  or  demand  option  has  been
              specified.

       nopredictor1
              Do not accept or agree to Predictor-1 compression.

       noproxyarp
              Disable  the  proxyarp  option.   The  system  administrator who
              wishes to prevent users from creating  proxy  ARP  entries  with
              pppd  can  do  so by placing this option in the /etc/ppp/options
              file.

       notty  Normally, pppd requires a terminal device.   With  this  option,
              pppd will allocate itself a pseudo-tty master/slave pair and use
              the slave as its terminal device.   Pppd  will  create  a  child
              process  to  act  as  a `character shunt' to transfer characters
              between the pseudo-tty master and its standard input and output.
              Thus  pppd  will  transmit characters on its standard output and
              receive characters on its standard input even if  they  are  not
              terminal  devices.   This  option  increases the latency and CPU
              overhead of transferring data over the ppp interface as  all  of
              the characters sent and received must flow through the character
              shunt process.  An explicit device name may not be given if this
              option is used.

       novj   Disable Van Jacobson style TCP/IP header compression in both the
              transmit and the receive direction.

       novjccomp
              Disable the connection-ID compression  option  in  Van  Jacobson
              style  TCP/IP  header  compression.  With this option, pppd will
              not omit the connection-ID byte  from  Van  Jacobson  compressed
              TCP/IP headers, nor ask the peer to do so.

       papcrypt
              Indicates  that  all  secrets  in  the /etc/ppp/pap-secrets file
              which are used  for  checking  the  identity  of  the  peer  are
              encrypted,  and  thus  pppd  should not accept a password which,
              before  encryption,  is  identical  to  the  secret   from   the
              /etc/ppp/pap-secrets file.

       pap-max-authreq n
               將PAP驗証n求(authenticate-request)傳輸的最大數目
              設為n(預設為10)。

       pap-restart n
               將PAP奐s開始的間隔(奐s傳輸的時間制)設為n 秒鐘(預設為3)。

       pap-timeout n
              Set the maximum time  that  pppd  will  wait  for  the  peer  to
              authenticate itself with PAP to n seconds (0 means no limit).

       pass-filter filter-expression
              Specifies  a packet filter to applied to data packets being sent
              or received to determine which  packets  should  be  allowed  to
              pass.   Packets  which  are  rejected by the filter are silently
              discarded.  This option can be used to prevent specific  network
              daemons  (such as routed) using up link bandwidth, or to provide
              a basic firewall capability.  The filter-expression syntax is as
              described  for  tcpdump(1),  except  that  qualifiers  which are
              inappropriate for a PPP link, such as ether  and  arp,  are  not
              permitted.   Generally  the filter expression should be enclosed
              in single-quotes to prevent whitespace in  the  expression  from
              being  interpreted  by  the  shell.  Note that it is possible to
              apply different constraints to  incoming  and  outgoing  packets
              using  the  inbound  and  outbound  qualifiers.  This  option is
              currently only available under NetBSD, and then only if both the
              kernel and pppd were compiled with PPP_FILTER defined.

       persist
              Do  not  exit  after  a connection is terminated; instead try to
              reopen the connection.

       plugin filename
              Load the shared library object file filename as a plugin.   This
              is a privileged option.

       predictor1
              Request  that  the  peer  compress  frames  that  it sends using
              Predictor-1  compression,  and  agree  to  compress  transmitted
              frames with Predictor-1 if requested.  This option has no effect
              unless the kernel driver supports Predictor-1 compression.

       privgroup group-name
              Allows members of group group-name to  use  privileged  options.
              This  is  a privileged option.  Use of this option requires care
              as there is no guarantee that members of group-name  cannot  use
              pppd  to  become  root  themselves.   Consider  it equivalent to
              putting the members of group-name in the kmem or disk group.

       proxyarp
              以彼端的IP位址以及該系統的以太網路位址增加一荈
              目到系統的ARP[AddressResolutionProtocol位址解 譯協定]表格。 This
              will have the effect of making the peer appear to other  systems
              to be on the local ethernet.

       pty script
              Specifies  that  the command script is to be used to communicate
              rather than a specific  terminal  device.   Pppd  will  allocate
              itself  a  pseudo-tty master/slave pair and use the slave as its
              terminal device.  The script will be run in a child process with
              the  pseudo-tty  master  as  its  standard input and output.  An
              explicit device name may not be given if this  option  is  used.
              (Note:  if  the record option is used in conjuction with the pty
              option, the child process will have pipes on its standard  input
              and output.)

       receive-all
              With  this  option, pppd will accept all control characters from
              the peer,  including  those  marked  in  the  receive  asyncmap.
              Without  this  option,  pppd  will  discard  those characters as
              specified in RFC1662.  This option should only be needed if  the
              peer is buggy.

       record filename
              Specifies  that  pppd  should  record  all  characters  sent and
              received to a file named  filename.   This  file  is  opened  in
              append  mode,  using  the  user's user-ID and permissions.  This
              option is implemented  using  a  pseudo-tty  and  a  process  to
              transfer  characters  between the pseudo-tty and the real serial
              device, so it will increase the  latency  and  CPU  overhead  of
              transferring  data  over  the ppp interface.  The characters are
              stored  in  a  tagged  format  with  timestamps,  which  can  be
              displayed in readable form using the pppdump(8) program.

       remotename name
              將遠端系統的假設名稱設為以進行驗証。

       refuse-chap
              With  this option, pppd will not agree to authenticate itself to
              the peer using CHAP.

       refuse-pap
              With this option, pppd will not agree to authenticate itself  to
              the peer using PAP.

       require-chap
              Require  the  peer  to authenticate itself using CHAP [Challenge
              Handshake Authentication Protocol] authentication.

       require-pap
              Require the peer to  authenticate  itself  using  PAP  [Password
              Authentication Protocol] authentication.

       show-password
              When  logging  the  contents  of PAP packets, this option causes
              pppd to show the password string in the log message.

       silent 加上這蚇龠窗Apppd將不會傳輸LCP封包來初使一茬s
              線一直到從彼端接收到一茼陵蘆摔CP封包。(就像是給
              舊版pppd使用的"passive"選項)。

       sync   Use synchronous HDLC serial encoding  instead  of  asynchronous.
              The device used by pppd with this option must have sync support.
              Currently supports Microgate SyncLink adapters under  Linux  and
              FreeBSD 2.2.8 and later.

       updetach
              With this option, pppd will detach from its controlling terminal
              once it has successfully established the ppp connection (to  the
              point  where  the first network control protocol, usually the IP
              control protocol, has come up).

       usehostname
              強╞D機名稱使用本地系統的名稱來進行驗証。(這會遜Lname選項)。
              This  option  is  not  normally  needed since the name option is
              privileged.

       usepeerdns
              Ask the peer for up to 2 DNS server  addresses.   The  addresses
              supplied  by  the peer (if any) are passed to the /etc/ppp/ip-up
              script in the environment variables DNS1 and DNS2.  In addition,
              pppd  will create an /etc/ppp/resolv.conf file containing one or
              two nameserver lines with the address(es) supplied by the  peer.

       user name
              將使用者名稱設為以便讓使用PAP的彼端驗証這台機器時使用。

       vj-max-slots n
              Sets  the  number  of  connection  slots  to  be used by the Van
              Jacobson TCP/IP header compression and decompression code to  n,
              which must be between 2 and 16 (inclusive).

       welcome script
              Run  the  executable or shell command specified by script before
              initiating PPP negotiation, after the connect  script  (if  any)
              has completed.  A value for this option from a privileged source
              cannot be overridden by a non-privileged user.

       xonxoff
              使用軟體流量控制(i.e.XON/XOFF)來控制串列埠上的資料流。

 OPTIONS FILES
       選項可以從檔案取出使用就如同使用命令列一般。pppd在查看指
       令列之前先從檔案/etc/ppp/options以及~/.ppprc讀取選項。 ttyname (in that
       order) before processing the options on the command  line.   (In  fact,
       the  command-line  options are scanned to find the terminal name before
       the options.ttyname  file  is  read.)   In  forming  the  name  of  the
       options.ttyname  file,  the  initial /dev/ is removed from the terminal
       name, and any remaining / characters are replaced with dots.

       一蚇龠耋仵蚰H空白字元為界被慦R成一串單字。空白字元可以用
       雙引號(")包括在一茬璁r裏。丳袙u引用其後的字元。而hash
       (#)符號開始一段注解持續到該行結束。 There is no  restriction  on  using
       the file or call options within an options file.

w SECURITY
       pppd                 提供系統管理人充份的存取控制能力這表示以PPP存取一
       台伺服機器可以提供給合法的使用者使用而不必擔心危及該伺服器
       或所在網路的安全性。這有一部份是以/etc/ppp/options檔案來
       提供,在這裏系統管理人可以放置在執行pppd的時唹峔胻求
       驗証的選項,而部份是由PAP以及CHAP暗號檔案來提供,其中  系統管理人可以-
       制荍O的使用者可以使用的一群IP位址。

       The default behaviour of pppd is to allow an  unauthenticated  peer  to
       use a given IP address only if the system does not already have a route
       to that IP address.  For example, a system with a permanent  connection
       to  the wider internet will normally have a default route, and thus all
       peers will have to  authenticate  themselves  in  order  to  set  up  a
       connection.   On such a system, the auth option is the default.  On the
       other hand, a system where the PPP link is the only connection  to  the
       internet  will  not  normally have a default route, so the peer will be
       able to use almost any IP address without authenticating itself.

       As indicated above, some  security-sensitive  options  are  privileged,
       which  means  that  they  may not be used by an ordinary non-privileged
       user running a setuid-root pppd, either on the  command  line,  in  the
       user's ~/.ppprc file, or in an options file read using the file option.
       Privileged options may be  used  in  /etc/ppp/options  file  or  in  an
       options  file  read using the call option.  If pppd is being run by the
       root user, privileged options can be used without restriction.

       When opening the device, pppd uses either the invoking user's  user  ID
       or  the root UID (that is, 0), depending on whether the device name was
       specified by the user or the system administrator.  If the device  name
       comes from a privileged source, that is, /etc/ppp/options or an options
       file read using the call option, pppd uses full  root  privileges  when
       opening  the  device.   Thus,  by  creating  an  appropriate file under
       /etc/ppp/peers, the system administrator can allow users to establish a
       ppp  connection  via  a  device  which  they  would  not  normally have
       permission to access.  Otherwise pppd uses the invoking user's real UID
       when opening the device.

AUTHENTICATION

       Authentication  is  the process whereby one peer convinces the other of
       its identity.  This involves the first peer sending  its  name  to  the
       other,  together  with some kind of secret information which could only
       come from the genuine  authorized  user  of  that  name.   In  such  an
       exchange,  we  will  call the first peer the "client" and the other the
       "server".  The client has a name by which it identifies itself  to  the
       server, and the server also has a name by which it identifies itself to
       the client.  Generally  the  genuine  client  shares  some  secret  (or
       password)  with the server, and authenticates itself by proving that it
       knows that secret.  Very  often,  the  names  used  for  authentication
       correspond  to  the  internet  hostnames  of the peers, but this is not
       essential.

       At present, pppd supports two authentication  protocols:  the  Password
       Authentication    Protocol    (PAP)   and   the   Challenge   Handshake
       Authentication Protocol (CHAP).  PAP involves the  client  sending  its
       name and a cleartext password to the server to authenticate itself.  In
       contrast, the server initiates  the  CHAP  authentication  exchange  by
       sending  a  challenge  to the client (the challenge packet includes the
       server's name).  The client must respond with a response which includes
       its  name  plus  a  hash  value  derived from the shared secret and the
       challenge, in order to prove that it knows the secret.

       The PPP protocol, being symmetrical, allows both peers to  require  the
       other   to  authenticate  itself.   In  that  case,  two  separate  and
       independent authentication exchanges will  occur.   The  two  exchanges
       could   use  different  authentication  protocols,  and  in  principle,
       different names could be used in the two exchanges.

        pppd預設的動作是如果有n求就同意進行驗証,並且不n求從彼
       端做驗証。然而如果沒有可以用來驗証的暗號則pppd將不會同意
       以特殊的協定來驗証它自己。

        驗証的基礎是由暗號檔案選擇的暗號(/etc/ppp/pap-secrets是
       給PAP使用的,/etc/ppp/chap-secrets則是給CHAP使用)。              這兩-
       虓t號檔案都具有相同的格式,而且兩者都可以儲放暗號給數
       種伺服器(驗証彼端)及客戶(被驗証端)組合使用。注意pppd
       可以最為伺服端以及客戶端,而且如果需n的話兩方可以使用不同 的協定。

        一虓t號檔案如同選項檔案一般被慦R成單字。一虓t號是由最少         包含3-
       茬璁r的一行所指定,依序是客戶,伺服器,暗號。在同
       一行中任何跟在其後的單字都被當作是給客戶的可接受IP位址列
       表。如果該行只有3茬璁r,這假設任何IP位址都可以;不允
       釧狾釭截P位址的話,使用"-"。如果暗號是以'@'開始,其
       後所接的單字將被假設為可以從中讀取暗號的檔案名稱。而以一
       "*"字元作為客戶或伺服端的名稱會符合任何名稱。在選擇一虓t
       號時,pppd會選擇最符合的,i.e.最少萬用字元的那荂C

       如此一虓t號檔案包含用來驗証其它主機,以及用來為其它主機驗
       証自己兩者的暗號。選擇使用虓t號是根據該主機(本地名稱)
       以及其彼端(遠端名稱)而定。本地名稱的設定如下:

       If  the  secret  starts  with an `@', what follows is assumed to be the
       name of a file from which to read the secret.  A "*" as the  client  or
       server  name matches any name.  When selecting a secret, pppd takes the
       best match, i.e.  the match with the fewest wildcards.

       Any following words on the  same  line  are  taken  to  be  a  list  of
       acceptable  IP addresses for that client.  If there are only 3 words on
       the line, or if the first word  is  "-",  then  all  IP  addresses  are
       disallowed.   To  allow any address, use "*".  A word starting with "!"
       indicates that the specified address is not acceptable.  An address may
       be followed by "/" and a number n, to indicate a whole subnet, i.e. all
       addresses which have the same value in the most significant n bits.  In
       this form, the address may be followed by a plus sign ("+") to indicate
       that one address from the  subnet  is  authorized,  based  on  the  ppp
       network  interface  unit number in use.  In this case, the host part of
       the address will be set to the unit number plus one.

       Thus a secrets file contains both secrets  for  use  in  authenticating
       other  hosts, plus secrets which we use for authenticating ourselves to
       others.  When pppd is authenticating  the  peer  (checking  the  peer's
       identity),  it chooses a secret with the peer's name in the first field
       and the name of the local system in the second field.  The name of  the
       local system defaults to the hostname, with the domain name appended if
       the domain option is used.  This default can  be  overridden  with  the
       name option, except when the usehostname option is used.

       When  pppd  is choosing a secret to use in authenticating itself to the
       peer, it first determines what name it is  going  to  use  to  identify
       itself  to  the  peer.  This name can be specified by the user with the
       user option.  If this option is not used, the name defaults to the name
       of the local system, determined as described in the previous paragraph.
       Then pppd looks for a secret with this name in the first field and  the
       peer's  name  in the second field.  Pppd will know the name of the peer
       if CHAP authentication is being used, because the peer will  have  sent
       it  in  the challenge packet.  However, if PAP is being used, pppd will
       have to determine the peer's name from the  options  specified  by  the
       user.   The  user  can  specify  the  peer's  name  directly  with  the
       remotename option.  Otherwise, if the remote IP address  was  specified
       by  a name (rather than in numeric form), that name will be used as the
       peer's name.  Failing that, pppd will use the null string as the peer's
       name.

        當以PAP驗証彼端時,一""暗號符合任何由彼端所提供密碼。
       如果密碼不符合暗號,密碼被以crypt()編碼並且再次檢查暗號;
       因此驗証彼端的暗號可以編碼方式儲放。

       如果指定有login選項,
       使用者名稱以及密碼也會被以系統的密碼資料庫檢查。因此系統管        理人-
       可以設定pap-secrets檔案以便只允閉Y些使用者以PPP        連線,並且制每-
       茖洏峈怚i以使用一些IP位址。 Typically, when using the login option, the
       secret  in  /etc/ppp/pap-secrets  would  be  "",  which  will match any
       password supplied by the peer.  This avoids the need to have  the  same
       secret in two places.

        驗証必須在IPCP(或任何其它網路控制協定)開始之前被完全地
       滿足。如果驗証失敗,pppd將會終結連線(關閉LCP)。如果     IPCP協商出一-
       茧L法接受的遠端主機IP位址,IPCP將會關閉。     IP封包只有在IPCP打開的時-
       啎~能傳送或接收。

        即使本地主機一般會n求驗証,在某些案例中會希望允一些無法驗        証它-
       怞菑v的主機連線並使用所制的IP位址其中之一。如果彼                 在被-
       n求時拒絕驗証它自己,pppd將會把它當成等於是在使用者
       名稱以及密碼上使用空字串來以PAP驗証。所以,藉由增加一行
       指定空字串為客戶以及密碼到pap-secrets檔案去,允釧痤棠
       証自己的主機進行有制的存取是可能的。

 ROUTING
        當IPCP協商成它a完成時,pppd將會通知核心該ppp界悼誚a
       以及遠端的IP位址。這足夠用來建立一茈D機到該連線遠端的遞
       送路徑,該路徑將使兩端能交換IP封包。與其它的機器進行通訊        往往需-
       n更進一步地蚹嚜摯e表格(routingtables)以及/或是
       ARP(位址解譯協定)表格。在某些案例中這將透過routed或是
       gated隱形程式的動作自動地完成,但是在大部分的案例中需n更 進一步的介入。

        有時埸|希望透過遠端主機來增加一蚢w設遞送路徑,像是在一台  只透過ppp界-
       掖s線到Internet的機器。此defaultroute選
       項使得pppd在IPCP完成時建立起這麼一蚢w設的遞送路徑,並
       且在該線路被終結時將之刪除。

        在某些情況下會希望使用proxyARP,例如在一台連結到區域網
       路的伺服機器上,為了能夠允釣銗扛漸D機與遠端主機進行通訊。
       proxyarp選項引發pppd去尋找一蚖P遠端主機在相同子網路上    的網路界情]一-
       茪銧彼s播(boardcast)以及ARP的界情A不但n             是可用的並且不是一-
       蚋I對點或回授界情^。如果找到,pppd會
       以該遠端主機的IP位址以及所找到的網路界惜孝w體位址建立一
       茈瓣[的,公開的ARP項目。

       When the demand option is used, the interface IP addresses have already
       been set at the point when IPCP comes up.  If pppd has not been able to
       negotiate the same addresses that it used to  configure  the  interface
       (for  example  when  the  peer  is  an ISP that uses dynamic IP address
       assignment), pppd has to change  the  interface  IP  addresses  to  the
       negotiated  addresses.   This may disrupt existing connections, and the
       use of demand dialling with peers that do dynamic IP address assignment
       is not recommended.

MULTILINK

       Multilink  PPP provides the capability to combine two or more PPP links
       between a pair of machines into a single `bundle', which appears  as  a
       single  virtual  PPP  link  which  has  the  combined  bandwidth of the
       individual links.  Currently, multilink PPP  is  only  supported  under
       Linux.

       Pppd  detects  that the link it is controlling is connected to the same
       peer as another link using the peer's endpoint  discriminator  and  the
       authenticated  identity  of the peer (if it authenticates itself).  The
       endpoint discriminator is a block of data which is hopefully unique for
       each  peer.   Several  types  of  data  can be used, including locally-
       assigned strings  of  bytes,  IP  addresses,  MAC  addresses,  randomly
       strings  of  bytes, or E-164 phone numbers.  The endpoint discriminator
       sent to the peer by pppd can be set using the endpoint option.

       In circumstances the peer may send no endpoint discriminator or a  non-
       unique value.  The optional bundle option adds an extra string which is
       added to the peer's endpoint discriminator and  authenticated  identity
       when  matching  up links to be joined together in a bundle.  The bundle
       option can also be used to allow the establishment of multiple  bundles
       between  the  local  system  and the peer.  Pppd uses a TDB database in
       /var/run/pppd.tdb to match up links.

       Assuming that multilink is enabled and the peer is willing to negotiate
       multilink,  then when pppd is invoked to bring up the first link to the
       peer, it will detect that no other link is connected to  the  peer  and
       create a new bundle, that is, another ppp network interface unit.  When
       another pppd is invoked to bring up another link to the peer,  it  will
       detect  the existing bundle and join its link to it.  Currently, if the
       first pppd terminates (for example, because of a hangup or  a  received
       signal) the bundle is destroyed.

d EXAMPLE S
       The  following  examples assume that the /etc/ppp/options file contains
       the auth option (as in the default /etc/ppp/options  file  in  the  ppp
       distribution).

       Probably  the  most  common use of pppd is to dial out to an ISP.  This
       can be done with a command such as

              pppd call isp

       where the /etc/ppp/peers/isp file is set up by the system administrator
       to contain something like this:

              ttyS0 19200 crtscts
              connect '/usr/sbin/chat -v -f /etc/ppp/chat-isp'
              noauth

       In  this  example,  we  are  using  chat to dial the ISP's modem and go
       through  any  logon  sequence  required.   The  /etc/ppp/chat-isp  file
       contains  the  script  used  by  chat;  it  could  for  example contain
       something like this:

              ABORT "NO CARRIER"
              ABORT "NO DIALTONE"
              ABORT "ERROR"
              ABORT "NO ANSWER"
              ABORT "BUSY"
              ABORT "Username/Password Incorrect"
              "" "at"
              OK "at&d0&c1"
              OK "atdt2468135"
              "name:" "^Umyuserid"
              "word:" "\qmypassword"
              "ispts" "\q^Uppp"
              "~-^Uppp-~"

       See the chat(8) man page for details of chat scripts.

       Pppd can also be used to provide a dial-in ppp service for  users.   If
       the  users  already have login accounts, the simplest way to set up the
       ppp service is to let the users log in to their accounts and  run  pppd
       (installed setuid-root) with a command such as

              pppd proxyarp

       To  allow  a user to use the PPP facilities, you need to allocate an IP
       address for that user's machine and create an  entry  in  /etc/ppp/pap-
       secrets  or  /etc/ppp/chap-secrets  (depending  on which authentication
       method the PPP implementation on the user's machine supports), so  that
       the  user's machine can authenticate itself.  For example, if Joe has a
       machine called "joespc" which is to  be  allowed  to  dial  in  to  the
       machine called "server" and use the IP address joespc.my.net, you would
       add an  entry  like  this  to  /etc/ppp/pap-secrets  or  /etc/ppp/chap-
       secrets:

              joespc    server    "joe's secret" joespc.my.net

       Alternatively,  you  can  create a username called (for example) "ppp",
       whose login shell  is  pppd  and  whose  home  directory  is  /etc/ppp.
       Options  to  be  used  when  pppd  is  run  this  way  can  be  put  in
       /etc/ppp/.ppprc.

        如果你的串列連線比直接以線路連接更復雜的話,你可能會需n做
       些調整以便避開一些控制字元。特別是,通常避開XON(^Q)以及
       XOFF(^S)是有用的,可以使用asyncmapa0000。如果該路徑包
       含telnet的話,你可能應該也n避開^](asyncmap200a0000)。
       如果該路徑包含rlogin的話,你將需n在執行rlogin的客戶端
       上使用escapeff選項,因為釵hrlogin的實作並非是透通的;               它-
       戔N會從資料流中移除[0xff,0xff,0x73,0x73,跟隨的任何 8位元組]這些序列。

E DIAGNOSTICS
        訊息使用facilityLOG_DAEMON送到syslog隱形程式。(這      可以藉著以所-
       n的facility定義LOG_PPP巨集來奐s編譯pppd
       加以改變。)為了能夠看到錯誤以及偵錯訊息,你將需n編輯你的
       /etc/syslog.conf檔案來將訊息導向到所希望的設備或檔案。

       debug選項使得所有送出以及接收的控制封包內容都被記錄下來,
       這是指所有的LCP,PAP,CHAP,或是IPCP封包。如果PPP協商
       沒有成左爾雰獄繷o可能會有用。如果在編譯時期開啟偵錯弁鄋
       話,pppd會使用facilityLOG_LOCAL2來取代LOG_DAEMON,而
       且debug選項會使得額外的偵錯訊息被記錄下來。

       偵錯弁鄐]可以藉著傳送一紎IGUSR1到pppd程式來啟動。偵
       錯弁鄍i以藉著傳送一紎IGUSR2到pppd程式來關閉。

EXIT STATUS

       The exit status of pppd is  set  to  indicate  whether  any  error  was
       detected, or the reason for the link being terminated.  The values used
       are:

       0      Pppd has detached, or otherwise the connection was  successfully
              established and terminated at the peer's request.

       1      An  immediately  fatal  error  of some kind occurred, such as an
              essential system call failing, or running out of virtual memory.

       2      An  error  was detected in processing the options given, such as
              two mutually exclusive options being used.

       3      Pppd is not setuid-root and the invoking user is not root.

       4      The kernel does not support PPP, for  example,  the  PPP  kernel
              driver is not included or cannot be loaded.

       5      Pppd  terminated because it was sent a SIGINT, SIGTERM or SIGHUP
              signal.

       6      The serial port could not be locked.

       7      The serial port could not be opened.

       8      The connect script failed (returned a non-zero exit status).

       9      The command specified as the argument to the  pty  option  could
              not be run.

       10     The  PPP  negotiation failed, that is, it didn't reach the point
              where at least one network protocol (e.g. IP) was running.

       11     The peer system failed (or refused) to authenticate itself.

       12     The link was established successfully and terminated because  it
              was idle.

       13     The link was established successfully and terminated because the
              connect time limit was reached.

       14     Callback was negotiated  and  an  incoming  call  should  arrive
              shortly.

       15     The  link  was  terminated because the peer is not responding to
              echo requests.

       16     The link was terminated by the modem hanging up.

       17     The PPP negotiation failed because serial loopback was detected.

       18     The init script failed (returned a non-zero exit status).

       19     We failed to authenticate ourselves to the peer.

SCRIPTS

       Pppd  invokes  scripts at various stages in its processing which can be
       used to perform site-specific ancillary processing.  These scripts  are
       usually  shell  scripts,  but  could  be executable code files instead.
       Pppd does not wait for the scripts to finish.  The scripts are executed
       as  root  (with  the real and effective user-id set to 0), so that they
       can do things such as update routing tables or run privileged  daemons.
       Be  careful  that  the contents of these scripts do not compromise your
       system's security.  Pppd runs the scripts with standard  input,  output
       and  error  redirected  to  /dev/null,  and with an environment that is
       empty except for some environment variables that give information about
       the link.  The environment variables that pppd sets are:

       DEVICE The name of the serial tty device being used.

       IFNAME The name of the network interface being used.

       IPLOCAL
              The  IP address for the local end of the link.  This is only set
              when IPCP has come up.

       IPREMOTE
              The IP address for the remote end of the link.  This is only set
              when IPCP has come up.

       PEERNAME
              The  authenticated  name  of  the peer.  This is only set if the
              peer authenticates itself.

       SPEED  The baud rate of the tty device.

       ORIG_UID
              The real user-id of the user who invoked pppd.

       PPPLOGNAME
              The username of the real user-id  that  invoked  pppd.  This  is
              always set.

       For  the  ip-down  and  auth-down scripts, pppd also sets the following
       variables giving statistics for the connection:

       CONNECT_TIME
              The number of seconds from  when  the  PPP  negotiation  started
              until the connection was terminated.

       BYTES_SENT
              The  number  of  bytes  sent  (at  the level of the serial port)
              during the connection.

       BYTES_RCVD
              The number of bytes received (at the level of the  serial  port)
              during the connection.

       LINKNAME
              The logical name of the link, set with the linkname option.

       Pppd  invokes the following scripts, if they exist.  It is not an error
       if they don't exist.

       /etc/ppp/auth-up
              A program or script which is executed after  the  remote  system
              successfully  authenticates  itself.   It  is  executed with the
              parameters

              interface-name peer-name user-name tty-device speed

              Note that this script  is  not  executed  if  the  peer  doesn't
              authenticate itself, for example when the noauth option is used.

       /etc/ppp/auth-down
              A program or script which is executed when the link  goes  down,
              if  /etc/ppp/auth-up was previously executed.  It is executed in
              the same manner with the same parameters as /etc/ppp/auth-up.

       /etc/ppp/ip-up
              當線路可以傳送以及接收IP封包時(也就是IPCP完成
              時)執行的一支程式或指令稿。它是以界悸漲W稱、終端
              設備、速度、本地-IP-位址、遠端-IP-位址為參數執行。

              interface-name  tty-device  speed  local-IP-address   remote-IP-
              address ipparam

       /etc/ppp/ip-down
              當線路不再允雀e以及接收IP封包時執行的一支程式    或指令稿。這-
              茷令稿可以用來回復/etc/ppp/ip-up指        令稿的影響。它以與ip-
              up指令稿相同的參數啟動。

       /etc/ppp/ipv6-up
              Like /etc/ppp/ip-up, except that it is executed when the link is
              available for sending and receiving IPv6 packets. It is executed
              with the parameters

              interface-name tty-device speed local-link-local-address remote-
              link-local-address ipparam

       /etc/ppp/ipv6-down
              Similar to  /etc/ppp/ip-down,  but  it  is  executed  when  IPv6
              packets can no longer be transmitted on the link. It is executed
              with the same parameters as the ipv6-up script.

       /etc/ppp/ipx-up
              A program or script which is executed when the link is available
              for  sending  and receiving IPX packets (that is, IPXCP has come
              up).  It is executed with the parameters

              interface-name tty-device speed  network-number  local-IPX-node-
              address    remote-IPX-node-address    local-IPX-routing-protocol
              remote-IPX-routing-protocol  local-IPX-router-name   remote-IPX-
              router-name ipparam pppd-pid

              The  local-IPX-routing-protocol  and remote-IPX-routing-protocol
              field may be one of the following:

              NONE      to indicate that there is no routing protocol
              RIP       to indicate that RIP/SAP should be used
              NLSP      to indicate that Novell NLSP should be used
              RIP NLSP  to indicate that both RIP/SAP and NLSP should be used

       /etc/ppp/ipx-down
              A program or script which is executed when the link is no longer
              available  for  sending  and receiving IPX packets.  This script
              can be used for  undoing  the  effects  of  the  /etc/ppp/ipx-up
              script.   It  is  invoked  in  the same manner and with the same
              parameters as the ipx-up script.

 FILES
       /var/run/pppn.pid (BSD or Linux), /etc/ppp/pppn.pid (others)
              在ppp界掖璊罩上的ppp程式之Process-ID。

       /var/run/ppp-name.pid (BSD or Linux), /etc/ppp/ppp-name.pid (others)
              Process-ID for pppd process  for  logical  link  name  (see  the
              linkname option).

       /etc/ppp/pap-secrets
               由PAP驗証所使用的使用者名稱、密碼以及IP位址。  This file should
              be owned by root and not readable or writable by any other user.
              Pppd will log a warning if this is not the case.

       /etc/ppp/chap-secrets
               由CHAP驗証所使用的名稱、暗號以及IP位址。
               As  for /etc/ppp/pap-secrets, this file should be owned by root
              and not readable or writable by any other user.  Pppd will log a
              warning if this is not the case.

       /etc/ppp/options
               pppd的系統預設選項,在使用者預設選項或指令列選項之前讀取。

       ~/.ppprc
               使用者預設選項,在指令列選項之前讀取。

       /etc/ppp/options.ttyname
               所n使用之串列埠的系統預設選項,在指令列之後讀取。read     after
              ~/.ppprc.  In forming the ttyname  part  of  this  filename,  an
              initial  /dev/  is stripped from the port name (if present), and
              any slashes in the remaining part are converted to dots.

       /etc/ppp/peers
              A  directory  containing  options  files   which   may   contain
              privileged  options,  even  if  pppd was invoked by a user other
              than root.  The system administrator can create options files in
              this  directory  to  permit  non-privileged  users  to  dial out
              without requiring the peer to authenticate, but only to  certain
              trusted peers.

 SEE ALSO
       RFC1144
              Jacobson,  V.   Compressing  TCP/IP headers for low-speed serial
              links.  February 1990.

       RFC1321
              Rivest, R.  The MD5 Message-Digest Algorithm.  April 1992.

       RFC1332
              McGregor, G.  PPP Internet  Protocol  Control  Protocol  (IPCP).
              May 1992.

       RFC1334
              Lloyd, B.; Simpson, W.A.  PPP authentication protocols.  October
              1992.

       RFC1661
              Simpson, W.A.  The Point-to-Point Protocol (PPP).  July 1994.

       RFC1662
              Simpson, W.A.  PPP in HDLC-like Framing.  July 1994.

       RFC2472
              Haskin, D.  IP Version 6 over PPP December 1998.

`N NOTES
       下列信號傳送到pppd程式時有特別的影響

       SIGINT, SIGTERM
              這些信號使得pppd終止該連線(關閉LCP),回存串列
              串列設備的設定,並結束離開。

       SIGHUP 指出實體層已經被斷線。pppd將會試圖回存串列設備的設
              定(這可能會在Suns上產生錯誤訊息),然後結束離開。
               If the persist or demand option has been specified,  pppd  will
              try  to  reopen  the  serial device and start another connection
              (after the holdoff period).  Otherwise pppd will exit.  If  this
              signal  is received during the holdoff period, it causes pppd to
              end the holdoff period immediately.

       SIGUSR1
              This signal toggles the state of the debug option.

       SIGUSR2
              This signal causes pppd to renegotiate compression.  This can be
              useful  to re-enable compression after it has been disabled as a
              result of a fatal  decompression  error.   (Fatal  decompression
              errors generally indicate a bug in one or other implementation.)

@ AUTHOR S
       Paul Mackerras (Paul.Mackerras@cs.anu.edu.au), based on earlier work by
       Drew Perkins, Brad Clements, Karl Fox, Greg Christy, and Brad Parker.

[]
      n{Linux Man <asdchen@pc2.hinet.net> <Best Linux> 1999

[]
       1995/10/08

mlinuxan:
       http://cmpp.linuxforum.net

                                                                       PPPD(8)