Provided by: manpages-zh_1.5.2-1_all bug

NAME

       pppd - 點對點協議守護進程

總覽 SYNOPSIS
       pppd [ tty_name ] [ speed ] [ options ]

描述
       點對點協議   (PPP)   提供一種在點對點串列線路上傳輸資料流  (datagrams)的方法。PPP是由三個部份所組成的:一個在串列線
       路上封裝(encapsulating)資料流的方法,一個可延伸的連結控制
       協定(LinkControlProtocol:LCP),以及一些用來建立並配置不
       同網路層協定的網路控制協定(NetworkControlProtocols:NCP)

       封裝的機制(scheme)是由核心中的驅動程式碼來提供。pppd提供
       基本的LCP,驗証(authentication)的支援,以及一個用來建立
       並配置網際網路協定(InternatProtocol(IP))(叫做IP控制 協定,IPCP)的NCP。

 常用選項 FREQUENTLY USED OPTIONS
       <tty_name>
               在該名稱的設備上進行通訊。如果需要的話可以前置一個        "/dev/"字串。如果沒有給設備名稱,pppd將會使用控制
              台的終端機(controllingteriminal),並且產生(fork)出 來時將不會把自己放到背景去。

       <speed>
               將波特率設為speed。在像是4.4BSD以及NetBSA的系   統上,可以指定任何速率。其他系統(e.g.SunOs)只允
              許有限的幾種速率。

       asyncmap <map>
               把非同步(async)字元設為對照到。這個對照表            描述哪些控制字元不能在串列線路上成功地接收。pppd將
              會要求彼端以兩個位元組的逸出序列(escapesequence)來      傳送這些字元。其參數是32位元的十六進位數字而每個
              位元代表一個得避開(escape)的字元。位元0(00000001)
              代表字元0x00;位元31(80000000)代表字元0x1f或    是^_。如果給了多個asyncmap選項,這些數值會以邏
              輯的或(OR)合在一起。如果沒有給asyncmap選項,將沒         有非同步字元對照表會被加以協商來導引接收。這樣彼端
              將會避開所有的控制字元。

       auth   要求彼端在允許傳送或接收網路封包之前先驗証它自己。  This  option  is  the  default if the
              system has a default route.  If  neither  this  option  nor  the
              noauth option is specified, pppd will only allow the peer to use
              IP addresses to which the system does not already have a route.

       call name
              Read options from the file /etc/ppp/peers/name.  This  file  may
              contain  privileged options, such as noauth, even if pppd is not
              being run by root.  The name string may  not  begin  with  /  or
              include  ..  as a pathname component.  The format of the options
              file is described below.

       connect script
               使用以所指定的可執行指令或是shell指令來設定            串列線路。這個指令稿一般會使用"chat"程式來撥數據
              機並開始遠端ppp區段作業(session)。   A   value   for  this  option  from  a
              privileged source cannot be overridden by a non-privileged user.

       crtscts
              使用硬體流量控制(i.e.RTS/CTS)來控制串列埠上的資料流。 If neither  the  crtscts,  the
              nocrtscts,  the  cdtrcts  nor the nocdtrcts option is given, the
              hardware flow control  setting  for  the  serial  port  is  left
              unchanged.   Some  serial ports (such as Macintosh serial ports)
              lack a true RTS output. Such  serial  ports  use  this  mode  to
              implement  unidirectional  flow  control.  The  serial port will
              suspend transmission when requested by the modem (via  CTS)  but
              will  be  unable  to  request  the  modem  stop  sending  to the
              computer. This mode retains the ability to use DTR  as  a  modem
              control line.

       defaultroute
               當IPCP協商完全成功時,增加一個預設遞送路徑到系統 的遞送表,將彼端當作閘道器使用。這個項目在ppp連線 中斷後會移除。

       disconnect script
               在pppd已經終結該連線之後執行以所指定的可執行            指令或是shell指令。這個指令稿可以用來,例如,如果
              硬體的數據機控制信號無法使用時,發出指令給數據機使 其掛斷電話。 The disconnect  script  is  not
              run  if  the modem has already hung up.  A value for this option
              from  a  privileged  source  cannot  be  overridden  by  a  non-
              privileged user.

       escape xx,yy,...
               指定在傳輸上確實應該要避開的字元(不管對方是否有用             它的非同步控制字元對照表要求避開它們)。這些要被避
              開的字元是以用逗號隔開的一串十六進位數字指定的。要            注意到幾乎任何字元都可以用escape選項指定避開,不
              像asyncmap選項只允許指定控制字元。不能避開的字元 是那些有十六進位值0x20-0x3f或是0x5e者。

       file name
               從檔案裏讀取選項(其格式敘述在後) The file must be readable by the user who has
              invoked pppd.

       init script
              Run the executable or  shell  command  specified  by  script  to
              initialize the serial line.  This script would typically use the
              chat(8) program to configure the modem to enable auto answer.  A
              value  for  this  option  from  a  privileged  source  cannot be
              overridden by a non-privileged user.

       lock   指定pppd應該在此串列設備上使用UUCP式的鎖定以確 定對該設備為互斥(exclusive)存取。

       mru n  把MRU[MaximumReceiveUnit最大接收單元]的值設為      n來進行協商。pppd將會要求彼端傳送不比位元組
              更長的封包。最小的MRU值是128。預設的MRU值則是         1500。對於慢速線路上的建議值是296(其中40個位元
              組給TCP/IP表頭+256個位元組的資料)。
               (Note that for IPv6 MRU must be at least 1280)

       mtu n
               將MTU[MaximumTransmitUnit最大傳輸單元]的值設  為n。除非彼端經由MRU協商要求一個更小的值,pppd
              將會要求核心網路程式碼透過PPP網路界面所傳送的資料 封包不超過n個位元組。
               (Note that for IPv6 MTU must be at least 1280)

       passive
               在LCP中開啟"passive"選項。加上這個選項,pppd將       會試圖初使一個連線;如果沒有從彼端接收到回應,那麼
              pppd將只會被動地等待從彼端所傳來的一個有效LCP封 包(代替結束離開,就像它在沒有這個選項時所作的)。

選項 OPTIONS
       <local_IP_address>:<remote_IP_address>
               設定本地以及/或是遠端界面的IP位址。兩者之中的任             何一個都可以省略。該IP位址可以利用主機名稱或者是
              十進位數值加小數點符號指定(e.g.150.234.56.78)。     預設的本地位址是系統的(第一個)IP位址(除非有加上
              noipdefault選項)。遠端位址如果沒有在任何選項中指         定的話將從彼端取得。因此,在簡單的案例中,這個選項
              不是必須的。如果有一個本地以及/或是遠端的IP位址           以這個選項加以指定的話,pppd將不會接受在IPCP協商
              中從彼端所傳來不同的值,除非加上ipcp-accept-local 以及/或是ipcp-accept-remote選項,個別地。

       ipv6 <local_interface_identifier>,<remote_interface_identifier>
              Set the local and/or remote 64-bit interface identifier.  Either
              one may be omitted. The identifier must be specified in standard
              ascii notation of IPv6  addresses  (e.g.  ::dead:beef).  If  the
              ipv6cp-use-ipaddr  option  is given, the local identifier is the
              local IPv4 address (see above).  On  systems  which  supports  a
              unique  persistent  id, such as EUI-48 derived from the Ethernet
              MAC address, ipv6cp-use-persistent option can be used to replace
              the  ipv6  <local>,<remote>  option. Otherwise the identifier is
              randomized.

       active-filter filter-expression
              Specifies a packet filter to  be  applied  to  data  packets  to
              determine which packets are to be regarded as link activity, and
              therefore reset the idle timer, or cause the link to be  brought
              up   in   demand-dialling   mode.   This  option  is  useful  in
              conjunction with the idle option if there are packets being sent
              or  received  regularly  over  the  link  (for  example, routing
              information packets) which would otherwise prevent the link from
              ever  appearing  to be idle.  The filter-expression syntax is as
              described for  tcpdump(1),  except  that  qualifiers  which  are
              inappropriate  for  a  PPP  link, such as ether and arp, are not
              permitted.  Generally the filter expression should  be  enclosed
              in  single-quotes  to  prevent whitespace in the expression from
              being interpreted by the shell. This option  is  currently  only
              available  under  NetBSD,  and  then only if both the kernel and
              pppd were compiled with PPP_FILTER defined.

       allow-ip address(es)
              Allow peers to use  the  given  IP  address  or  subnet  without
              authenticating  themselves.  The parameter is parsed as for each
              element of the list of allowed IP addresses in the secrets files
              (see the AUTHENTICATION section below).

       bsdcomp nr,nt
              Request  that the peer compress packets that it sends, using the
              BSD-Compress scheme, with a maximum code size of  nr  bits,  and
              agree  to  compress packets sent to the peer with a maximum code
              size of nt bits.  If nt is not specified,  it  defaults  to  the
              value given for nr.  Values in the range 9 to 15 may be used for
              nr and nt; larger values give  better  compression  but  consume
              more kernel memory for compression dictionaries.  Alternatively,
              a  value  of  0  for  nr  or  nt  disables  compression  in  the
              corresponding  direction.  Use nobsdcomp or bsdcomp 0 to disable
              BSD-Compress compression entirely.

       cdtrcts
              Use a non-standard  hardware  flow  control  (i.e.  DTR/CTS)  to
              control  the  flow  of  data on the serial port.  If neither the
              crtscts, the nocrtscts, the cdtrcts nor the nocdtrcts option  is
              given,  the hardware flow control setting for the serial port is
              left unchanged.  Some serial ports  (such  as  Macintosh  serial
              ports)  lack  a true RTS output. Such serial ports use this mode
              to implement true bi-directional flow control. The sacrifice  is
              that this flow control mode does not permit using DTR as a modem
              control line.

       chap-interval n
               如果有給這個選項,pppd將會每n 秒重新盤查彼端。

       chap-max-challenge n
               將CHAP盤查(challenge)傳輸的最大數目設為n(預 設為10)。

       chap-restart n
               將CHAP重新開始的間隔(重新傳輸的時間限制)設為n 秒鐘(預設為3)。

       connect-delay n
              Wait for up n milliseconds after the connect script finishes for
              a  valid  PPP packet from the peer.  At the end of this time, or
              when a valid PPP packet is received from  the  peer,  pppd  will
              commence  negotiation  by  sending  its  first  LCP packet.  The
              default value is 1000 (1 second).  This wait period only applies
              if the connect or pty option is used.

       debug  遞增偵錯層級(與-d相同)。如果加上這個選項,pppd           將以可供閱讀的格式記錄所有傳送或接收的控制封包內容。
              這些封包透過syslog以facilitydaemon還有level
              debug加以記錄。該資訊可以適當設定/etc/syslog.conf
              來導向到一個檔案去。(參閱syslog.conf(5))。(如果
              pppd以開啟擴充偵錯(extradebugging)編譯的話,它將
              會使用facilitylocal2取代daemon來記錄訊息)。

       default-asyncmap
              Disable asyncmap negotiation, forcing all control characters  to
              be escaped for both the transmit and the receive direction.

       default-mru
              Disable  MRU  [Maximum  Receive  Unit]  negotiation.   With this
              option, pppd will use the default MRU value of  1500  bytes  for
              both the transmit and receive direction.

       deflate nr,nt
              Request  that the peer compress packets that it sends, using the
              Deflate scheme, with a maximum window size of 2**nr  bytes,  and
              agree to compress packets sent to the peer with a maximum window
              size of 2**nt bytes.  If nt is not specified, it defaults to the
              value given for nr.  Values in the range 9 to 15 may be used for
              nr and nt; larger values give  better  compression  but  consume
              more kernel memory for compression dictionaries.  Alternatively,
              a  value  of  0  for  nr  or  nt  disables  compression  in  the
              corresponding  direction.  Use nodeflate or deflate 0 to disable
              Deflate compression  entirely.   (Note:  pppd  requests  Deflate
              compression  in  preference  to  BSD-Compress if the peer can do
              either.)

       demand Initiate the link only on demand,  i.e.  when  data  traffic  is
              present.   With  this  option,  the  remote  IP  address must be
              specified by the user on the command line or in an options file.
              Pppd will initially configure the interface and enable it for IP
              traffic  without  connecting  to  the  peer.   When  traffic  is
              available,   pppd   will   connect   to  the  peer  and  perform
              negotiation, authentication, etc.  When this is completed,  pppd
              will commence passing data packets (i.e., IP packets) across the
              link.

              The demand option implies the persist option.  If this behaviour
              is  not  desired,  use  the  nopersist  option  after the demand
              option.  The  idle  and  holdoff  options  are  also  useful  in
              conjuction with the demand option.

       domain d
               新增領域名稱到本地主機名稱以支援驗証。例如,如       果gethostname()回應porsche這個名稱,但是完整合
              格的領域名稱是porsche.Quotron.COM的話,你可以使用 domain選項來將領域名稱設為Quotron.COM。
               Pppd would then use the name porsche.Quotron.COM for looking up
              secrets  in the secrets file, and as the default name to send to
              the peer when authenticating itself to the peer.  This option is
              privileged.

       dryrun With  the  dryrun  option,  pppd  will  print out all the option
              values which have been set and  then  exit,  after  parsing  the
              command  line  and options files and checking the option values,
              but before initiating the link.  The option values are logged at
              level  info,  and  also  printed  to  standard output unless the
              device on standard output is the device that pppd would be using
              to communicate with the peer.

       dump   With  the dump option, pppd will print out all the option values
              which have been set.  This option  is  like  the  dryrun  option
              except that pppd proceeds as normal rather than exiting.

       endpoint <epdisc>
              Sets the endpoint discriminator sent by the local machine to the
              peer during multilink negotiation to <epdisc>.  The  default  is
              to  use  the  MAC address of the first ethernet interface on the
              system, if any, otherwise the IPv4 address corresponding to  the
              hostname,  if  any,  provided  it  is  not  in  the multicast or
              locally-assigned IP address ranges, or  the  localhost  address.
              The endpoint discriminator can be the string null or of the form
              type:value, where type is a decimal number or one of the strings
              local,  IP, MAC, magic, or phone.  The value is an IP address in
              dotted-decimal notation for the IP type, or a string of bytes in
              hexadecimal, separated by periods or colons for the other types.
              For the MAC type, the value may also be the name of an  ethernet
              or  similar  network  interface.   This option is currently only
              available under Linux.

       hide-password
              When logging the contents of PAP  packets,  this  option  causes
              pppd  to  exclude the password string from the log.  This is the
              default.

       holdoff n
              Specifies how many seconds to wait before re-initiating the link
              after  it  terminates.   This  option only has any effect if the
              persist or demand option is used.  The  holdoff  period  is  not
              applied if the link was terminated because it was idle.

       idle n Specifies  that pppd should disconnect if the link is idle for n
              seconds.  The link  is  idle  when  no  data  packets  (i.e.  IP
              packets)  are being sent or received.  Note: it is not advisable
              to use this option with the persist option  without  the  demand
              option.   If  the  active-filter  option  is given, data packets
              which are rejected by the specified activity filter  also  count
              as the link being idle.

       ipcp-accept-local
              加上這個選項的話,pppd將會接受彼端對於本地IP位址 的意見,即使本地的IP位址已經在某個選項中指定。

       ipcp-accept-remote
              加上這個選項的話,pppd將會接受彼端對於它的IP位址 的意見,即使遠端的IP位址已經在某個選項中指定。

       ipcp-max-configure n
               將IPCP配置要求(configure-request)傳輸的最大數目設 為n(預設為10)。

       ipcp-max-failure n
              將開始傳送配置拒絕(configure-Rejects)之前的IPCP配             置未接收(configure-
              NAKs)的最大數目以取代n(預設 為10)。

       ipcp-max-terminate n
               將IPCP終結要求(terminate-request)傳輸的最大數目設 為 n(預設為3)。

       ipcp-restart n
               將IPCP重新開始的間隔(重新傳輸的時間限制)設為n 秒鐘(預設為3)。

       ipparam string
              Provides an extra parameter to the ip-up  and  ip-down  scripts.
              If this option is given, the string supplied is given as the 6th
              parameter to those scripts.

       ipv6cp-max-configure n
              Set the maximum number of IPv6CP configure-request transmissions
              to n (default 10).

       ipv6cp-max-failure n
              Set  the maximum number of IPv6CP configure-NAKs returned before
              starting to send configure-Rejects instead to n (default 10).

       ipv6cp-max-terminate n
              Set the maximum number of IPv6CP terminate-request transmissions
              to n (default 3).

       ipv6cp-restart n
              Set  the  IPv6CP  restart interval (retransmission timeout) to n
              seconds (default 3).

       ipx    Enable the IPXCP and IPX protocols.  This  option  is  presently
              only  supported  under  Linux,  and only if your kernel has been
              configured to include IPX support.

       ipx-network n
              Set the IPX network number in the IPXCP configure request  frame
              to  n, a hexadecimal number (without a leading 0x).  There is no
              valid default.  If this option is  not  specified,  the  network
              number is obtained from the peer.  If the peer does not have the
              network number, the IPX protocol will not be started.

       ipx-node n:m
              Set the IPX node numbers. The two  node  numbers  are  separated
              from  each  other  with a colon character. The first number n is
              the local node number. The second number m is  the  peer's  node
              number.  Each  node  number  is a hexadecimal number, at most 10
              digits long. The node numbers on the ipx-network must be unique.
              There  is no valid default. If this option is not specified then
              the node numbers are obtained from the peer.

       ipx-router-name <string>
              Set the name of the router. This is a string and is sent to  the
              peer as information data.

       ipx-routing n
              Set  the  routing  protocol  to be received by this option. More
              than one instance of ipx-routing may be  specified.  The  'none'
              option (0) may be specified as the only instance of ipx-routing.
              The values may be 0 for NONE, 2 for RIP/SAP, and 4 for NLSP.

       ipxcp-accept-local
              Accept the peer's NAK for the node number specified in the  ipx-
              node  option.  If a node number was specified, and non-zero, the
              default is to insist that the value be used. If you include this
              option  then  you  will permit the peer to override the entry of
              the node number.

       ipxcp-accept-network
              Accept the peer's NAK for the network number  specified  in  the
              ipx-network  option. If a network number was specified, and non-
              zero, the default is to insist that the value be  used.  If  you
              include  this  option  then you will permit the peer to override
              the entry of the node number.

       ipxcp-accept-remote
              Use the peer's network number specified in the configure request
              frame.  If  a  node  number  was specified for the peer and this
              option was not specified, the peer will be  forced  to  use  the
              value which you have specified.

       ipxcp-max-configure n
              Set  the  maximum number of IPXCP configure request frames which
              the system will send to n. The default is 10.

       ipxcp-max-failure n
              Set the maximum number of  IPXCP  NAK  frames  which  the  local
              system  will  send  before  it  rejects the options. The default
              value is 3.

       ipxcp-max-terminate n
              Set the maximum nuber of IPXCP terminate request  frames  before
              the  local  system  considers  that the peer is not listening to
              them. The default value is 3.

       kdebug n
              開啟核心層級中的PPP驅動程式偵錯碼。The argument values depend  on  the  specific
              kernel  driver,  but in general a value of 1 will enable general
              kernel debug messages.  (Note that these  messages  are  usually
              only  useful  for  debugging the kernel driver itself.)  For the
              Linux  2.2.x  kernel  driver,  參數n是一個  由下列值所組合的數字:1開啟一般偵錯訊息,2要求印
              出所接收到的封包內容,而4要求印出傳輸的封包內容。  On  most systems, messages printed by
              the kernel are logged by syslog(1) to a file as directed in  the
              /etc/syslog.conf configuration file.

       ktune  Enables  pppd  to  alter  kernel settings as appropriate.  Under
              Linux,   pppd   will   enable   IP    forwarding    (i.e.    set
              /proc/sys/net/ipv4/ip_forward  to  1)  if the proxyarp option is
              used, and will enable the dynamic IP address  option  (i.e.  set
              /proc/sys/net/ipv4/ip_dynaddr  to 1) in demand mode if the local
              address changes.

       lcp-echo-failure n
               如果有給這個選項,那麼如果傳送n個LCP回應要求沒           有接收到有效的LCP回應回覆的話pppd將會推測彼端是
              死掉的。如果發生這種情形,pppd將會終結該連線。這個    選項的使用要求一個非零的lcp-echo-interval參數值。
              這個選項可以用在硬體數據機控制線路無法使用的情況下 當實際連線被中斷之後(e.g.,數據機已經掛斷)終結 pppd的執行。

       lcp-echo-interval n
              如果有給這個選項,pppd每秒將會送出一個LCP回  應要求(echo-request)封包(frame)給彼端。在Linux系
              統下,回應要求在n秒內沒有從彼端接收到封包時會被送        出。一般彼端應該以傳送一個回應回覆(echo-reply)來反
              應該回應要求。這個選項可以與lcp-echo-failure選項 一起使用來偵測不再連線的彼端。

       lcp-max-configure n
               將LCP配置要求(configure-request)傳輸的最大數目設 為n(預設為10)。

       lcp-max-failure n
               將開始傳送配置拒絕(configure-Rejects)之前的LCP配             置未接收(configure-
              NAKs)的最大數目設置為n(預設 為10)。

       lcp-max-terminate n
               將LCP終結要求(terminate-request)傳輸的最大數目設 為n(預設為3)。

       lcp-restart n
              將LCP重新開始的間隔(重新傳輸的時間限制)設為 秒鐘(預設為3)。

       linkname name
              Sets  the  logical name of the link to name.  Pppd will create a
              file  named  ppp-name.pid  in  /var/run  (or  /etc/ppp  on  some
              systems)  containing  its  process  ID.   This  can be useful in
              determining which instance of pppd is responsible for  the  link
              to a given peer system.  This is a privileged option.

       local  不要使用數據機控制線路。   With  this  option, pppd will ignore the state of
              the CD (Carrier Detect) signal  from  the  modem  and  will  not
              change the state of the DTR (Data Terminal Ready) signal.

       logfd n
              Send  log  messages  to  file  descriptor n.  Pppd will send log
              messages to at most one file or  file  descriptor  (as  well  as
              sending  the  log  messages  to  syslog), so this option and the
              logfile option are mutually exclusive.  The default is for  pppd
              to  send  log messages to stdout (file descriptor 1), unless the
              serial port is already open on stdout.

       logfile filename
              Append log messages to the file filename (as well as sending the
              log messages to syslog).  The file is opened with the privileges
              of the user who invoked pppd, in append mode.

       login  使用系統密碼資料庫驗証使用PAP的彼端。 and record the  user  in  the  system  wtmp
              file.    Note   that   the  peer  must  have  an  entry  in  the
              /etc/ppp/pap-secrets  file  as  well  as  the  system   password
              database to be allowed access.

       maxconnect n
              Terminate  the connection when it has been available for network
              traffic for n seconds (i.e. n seconds after  the  first  network
              control protocol comes up).

       maxfail n
              Terminate  after  n  consecutive  failed connection attempts.  A
              value of 0 means no limit.  The default value is 10.

       modem  使用數據機控制線路。This option is the default.  With  this  option,  pppd
              will  wait  for the CD (Carrier Detect) signal from the modem to
              be asserted when opening the serial  device  (unless  a  connect
              script  is  specified),  and it will drop the DTR (Data Terminal
              Ready) signal briefly when  the  connection  is  terminated  and
              before   executing   the   connect   script.   在Ultrix上,這個選項會實作硬
              體流量控制,像crtsct選項作的。

       mp     Enables the use of PPP multilink;  this  is  an  alias  for  the
              `multilink'  option.   This  option  is currently only available
              under Linux.

       mpshortseq
              Enables the use of short (12-bit) sequence numbers in  multilink
              headers,  as opposed to 24-bit sequence numbers.  This option is
              only available under Linux, and only has any effect if multilink
              is enabled (see the multilink option).

       mrru n Sets  the  Maximum Reconstructed Receive Unit to n.  The MRRU is
              the maximum size for a received packet on  a  multilink  bundle,
              and  is  analogous  to  the  MRU for the individual links.  This
              option is currently only available under Linux, and only has any
              effect if multilink is enabled (see the multilink option).

       ms-dns <addr>
              If  pppd  is  acting  as a server for Microsoft Windows clients,
              this option allows pppd to supply one or two  DNS  (Domain  Name
              Server)  addresses  to  the clients.  The first instance of this
              option specifies the primary DNS address;  the  second  instance
              (if  given)  specifies  the secondary DNS address.  (This option
              was present in some older versions of pppd under the  name  dns-
              addr.)

       ms-wins <addr>
              If  pppd  is acting as a server for Microsoft Windows or "Samba"
              clients, this option allows pppd  to  supply  one  or  two  WINS
              (Windows   Internet  Name  Services)  server  addresses  to  the
              clients.  The  first  instance  of  this  option  specifies  the
              primary  WINS  address; the second instance (if given) specifies
              the secondary WINS address.

       multilink
              Enables the use of the PPP multilink protocol.  If the peer also
              supports  multilink,  then this link can become part of a bundle
              between the local system and the peer.  If there is an  existing
              bundle  to  the  peer,  pppd will join this link to that bundle,
              otherwise pppd will create a  new  bundle.   See  the  MULTILINK
              section  below.   This  option is currently only available under
              Linux.

       name name
              將本地系統的名稱設為用來進行驗証。  This  is  a  privileged  option.   With  this
              option, pppd will use lines in the secrets files which have name
              as the second  field  when  looking  for  a  secret  to  use  in
              authenticating  the  peer.   In addition, unless overridden with
              the user option, name will be used as the name to  send  to  the
              peer  when  authenticating  the local system to the peer.  (Note
              that pppd does not append the domain name to name.)

       netmask n
               把該界面網路掩碼設為,這是一個以〞十進位數值加         小數點〞("decimaldot")符號表示的32位元網路掩碼
              (e.g.255.255.255.0)。If this option is given, the value specified
              is ORed with the default netmask.  The default netmask is chosen
              based on the negotiated remote IP address; it is the appropriate
              network mask for the class of the remote IP address,  ORed  with
              the  netmasks  for  any non point-to-point network interfaces in
              the system which are  on  the  same  network.   (Note:  on  some
              platforms, pppd will always use 255.255.255.255 for the netmask,
              if that is the  only  appropriate  value  for  a  point-to-point
              interface.)

       noaccomp
              Disable Address/Control compression in both directions (send and
              receive).

       noauth Do not require the peer to authenticate itself.  This option  is
              privileged.

       nobsdcomp
              Disables  BSD-Compress  compression;  pppd  will  not request or
              agree to compress packets using the BSD-Compress scheme.

       noccp  Disable CCP (Compression Control  Protocol)  negotiation.   This
              option  should  only  be  required if the peer is buggy and gets
              confused by requests from pppd for CCP negotiation.

       nocrtscts
              Disable hardware flow control (i.e. RTS/CTS) on the serial port.
              If neither the crtscts nor the nocrtscts nor the cdtrcts nor the
              nocdtrcts option is given, the hardware flow control setting for
              the serial port is left unchanged.

       nocdtrcts
              This  option is a synonym for nocrtscts. Either of these options
              will disable both forms of hardware flow control.

       nodefaultroute
              Disable the defaultroute option.  The system  administrator  who
              wishes  to  prevent users from creating default routes with pppd
              can do so by placing this option in the /etc/ppp/options file.

       nodeflate
              Disables Deflate compression; pppd will not request or agree  to
              compress packets using the Deflate scheme.

       nodetach
              Don't  detach  from  the  controlling  terminal.   Without  this
              option, if a serial  device  other  than  the  terminal  on  the
              standard  input  is  specified,  pppd  will  fork  to  become  a
              background process.

       noendpoint
              Disables pppd from sending an endpoint discriminator to the peer
              or  accepting  one  from  the  peer  (see  the MULTILINK section
              below).  This option should only be  required  if  the  peer  is
              buggy.

       noip   Disable  IPCP  negotiation  and  IP  communication.  This option
              should only be required if the peer is buggy and  gets  confused
              by requests from pppd for IPCP negotiation.

       noipv6 Disable  IPv6CP  negotiation and IPv6 communication. This option
              should only be required if the peer is buggy and  gets  confused
              by requests from pppd for IPv6CP negotiation.

       noipdefault
              關閉在沒有指定本地IP位址時所進行的預設動作,這是              用來由從主機名稱決定(如果可能的話)決定本地IP位
              址。加上這個選項的話,彼端將必須在進行IPCP協商時 (除非在指令列或在選項檔中明確地指定它)提供本地的 IP位址。

       noipx  Disable the IPXCP and IPX protocols.  This option should only be
              required if the peer is buggy and gets confused by requests from
              pppd for IPXCP negotiation.

       noktune
              Opposite of the ktune option; disables pppd from changing system
              settings.

       nolog  Do  not  send  log  messages to a file or file descriptor.  This
              option cancels the logfd and logfile options.

       nomagic
              Disable magic number negotiation.  With this option, pppd cannot
              detect a looped-back line.  This option should only be needed if
              the peer is buggy.

       nomp   Disables the use of PPP multilink.   This  option  is  currently
              only available under Linux.

       nompshortseq
              Disables  the  use of short (12-bit) sequence numbers in the PPP
              multilink protocol, forcing the use of 24-bit sequence  numbers.
              This  option  is  currently only available under Linux, and only
              has any effect if multilink is enabled.

       nomultilink
              Disables the use of PPP multilink.   This  option  is  currently
              only available under Linux.

       nopcomp
              Disable  protocol  field  compression  negotiation  in  both the
              receive and the transmit direction.

       nopersist
              Exit once a connection has been made and  terminated.   This  is
              the  default  unless  the  persist  or  demand  option  has been
              specified.

       nopredictor1
              Do not accept or agree to Predictor-1 compression.

       noproxyarp
              Disable the  proxyarp  option.   The  system  administrator  who
              wishes  to  prevent  users  from creating proxy ARP entries with
              pppd can do so by placing this option  in  the  /etc/ppp/options
              file.

       notty  Normally,  pppd  requires  a terminal device.  With this option,
              pppd will allocate itself a pseudo-tty master/slave pair and use
              the  slave  as  its  terminal  device.  Pppd will create a child
              process to act as a `character  shunt'  to  transfer  characters
              between the pseudo-tty master and its standard input and output.
              Thus pppd will transmit characters on its  standard  output  and
              receive  characters  on  its standard input even if they are not
              terminal devices.  This option increases  the  latency  and  CPU
              overhead  of  transferring data over the ppp interface as all of
              the characters sent and received must flow through the character
              shunt process.  An explicit device name may not be given if this
              option is used.

       novj   Disable Van Jacobson style TCP/IP header compression in both the
              transmit and the receive direction.

       novjccomp
              Disable  the  connection-ID  compression  option in Van Jacobson
              style TCP/IP header compression.  With this  option,  pppd  will
              not  omit  the  connection-ID  byte from Van Jacobson compressed
              TCP/IP headers, nor ask the peer to do so.

       papcrypt
              Indicates that all  secrets  in  the  /etc/ppp/pap-secrets  file
              which  are  used  for  checking  the  identity  of  the peer are
              encrypted, and thus pppd should not  accept  a  password  which,
              before   encryption,   is  identical  to  the  secret  from  the
              /etc/ppp/pap-secrets file.

       pap-max-authreq n
               將PAP驗証要求(authenticate-request)傳輸的最大數目 設為n(預設為10)。

       pap-restart n
               將PAP重新開始的間隔(重新傳輸的時間限制)設為n 秒鐘(預設為3)。

       pap-timeout n
              Set the maximum time  that  pppd  will  wait  for  the  peer  to
              authenticate itself with PAP to n seconds (0 means no limit).

       pass-filter filter-expression
              Specifies  a packet filter to applied to data packets being sent
              or received to determine which  packets  should  be  allowed  to
              pass.   Packets  which  are  rejected by the filter are silently
              discarded.  This option can be used to prevent specific  network
              daemons  (such as routed) using up link bandwidth, or to provide
              a basic firewall capability.  The filter-expression syntax is as
              described  for  tcpdump(1),  except  that  qualifiers  which are
              inappropriate for a PPP link, such as ether  and  arp,  are  not
              permitted.   Generally  the filter expression should be enclosed
              in single-quotes to prevent whitespace in  the  expression  from
              being  interpreted  by  the  shell.  Note that it is possible to
              apply different constraints to  incoming  and  outgoing  packets
              using  the  inbound  and  outbound  qualifiers.  This  option is
              currently only available under NetBSD, and then only if both the
              kernel and pppd were compiled with PPP_FILTER defined.

       persist
              Do  not  exit  after  a connection is terminated; instead try to
              reopen the connection.

       plugin filename
              Load the shared library object file filename as a plugin.   This
              is a privileged option.

       predictor1
              Request  that  the  peer  compress  frames  that  it sends using
              Predictor-1  compression,  and  agree  to  compress  transmitted
              frames with Predictor-1 if requested.  This option has no effect
              unless the kernel driver supports Predictor-1 compression.

       privgroup group-name
              Allows members of group group-name to  use  privileged  options.
              This  is  a privileged option.  Use of this option requires care
              as there is no guarantee that members of group-name  cannot  use
              pppd  to  become  root  themselves.   Consider  it equivalent to
              putting the members of group-name in the kmem or disk group.

       proxyarp
              以彼端的IP位址以及該系統的以太網路位址增加一個項  目到系統的ARP[AddressResolutionProtocol位址解
              譯協定]表格。  This  will have the effect of making the peer appear to
              other systems to be on the local ethernet.

       pty script
              Specifies that the command script is to be used  to  communicate
              rather  than  a  specific  terminal  device.  Pppd will allocate
              itself a pseudo-tty master/slave pair and use the slave  as  its
              terminal device.  The script will be run in a child process with
              the pseudo-tty master as its  standard  input  and  output.   An
              explicit  device  name  may not be given if this option is used.
              (Note: if the record option is used in conjuction with  the  pty
              option,  the child process will have pipes on its standard input
              and output.)

       receive-all
              With this option, pppd will accept all control  characters  from
              the  peer,  including  those  marked  in  the  receive asyncmap.
              Without this option,  pppd  will  discard  those  characters  as
              specified  in RFC1662.  This option should only be needed if the
              peer is buggy.

       record filename
              Specifies that  pppd  should  record  all  characters  sent  and
              received  to  a  file  named  filename.   This file is opened in
              append mode, using the user's  user-ID  and  permissions.   This
              option  is  implemented  using  a  pseudo-tty  and  a process to
              transfer characters between the pseudo-tty and the  real  serial
              device,  so  it  will  increase  the latency and CPU overhead of
              transferring data over the ppp interface.   The  characters  are
              stored  in  a  tagged  format  with  timestamps,  which  can  be
              displayed in readable form using the pppdump(8) program.

       remotename name
              將遠端系統的假設名稱設為以進行驗証。

       refuse-chap
              With this option, pppd will not agree to authenticate itself  to
              the peer using CHAP.

       refuse-pap
              With  this option, pppd will not agree to authenticate itself to
              the peer using PAP.

       require-chap
              Require the peer to authenticate itself  using  CHAP  [Challenge
              Handshake Authentication Protocol] authentication.

       require-pap
              Require  the  peer  to  authenticate  itself using PAP [Password
              Authentication Protocol] authentication.

       show-password
              When logging the contents of PAP  packets,  this  option  causes
              pppd to show the password string in the log message.

       silent 加上這個選項,pppd將不會傳輸LCP封包來初使一個連           線一直到從彼端接收到一個有效的LCP封包。(就像是給
              舊版pppd使用的"passive"選項)。

       sync   Use synchronous HDLC serial encoding  instead  of  asynchronous.
              The device used by pppd with this option must have sync support.
              Currently supports Microgate SyncLink adapters under  Linux  and
              FreeBSD 2.2.8 and later.

       updetach
              With this option, pppd will detach from its controlling terminal
              once it has successfully established the ppp connection (to  the
              point  where  the first network control protocol, usually the IP
              control protocol, has come up).

       usehostname
              強迫主機名稱使用本地系統的名稱來進行驗証。(這會蓋過name選項)。 This option is  not  normally
              needed since the name option is privileged.

       usepeerdns
              Ask  the  peer  for up to 2 DNS server addresses.  The addresses
              supplied by the peer (if any) are passed to  the  /etc/ppp/ip-up
              script in the environment variables DNS1 and DNS2.  In addition,
              pppd will create an /etc/ppp/resolv.conf file containing one  or
              two nameserver lines with the address(es) supplied by the peer.

       user name
              將使用者名稱設為以便讓使用PAP的彼端驗証這台機器時使用。

       vj-max-slots n
              Sets  the  number  of  connection  slots  to  be used by the Van
              Jacobson TCP/IP header compression and decompression code to  n,
              which must be between 2 and 16 (inclusive).

       welcome script
              Run  the  executable or shell command specified by script before
              initiating PPP negotiation, after the connect  script  (if  any)
              has completed.  A value for this option from a privileged source
              cannot be overridden by a non-privileged user.

       xonxoff
              使用軟體流量控制(i.e.XON/XOFF)來控制串列埠上的資料流。

選項檔案 OPTIONS FILES
       選項可以從檔案取出使用就如同使用命令列一般。pppd在查看指  令列之前先從檔案/etc/ppp/options以及~/.ppprc讀取選項。
       ttyname  (in  that  order) before processing the options on the command
       line.  (In fact, the command-line  options  are  scanned  to  find  the
       terminal name before the options.ttyname file is read.)  In forming the
       name of the options.ttyname file, the initial /dev/ is removed from the
       terminal name, and any remaining / characters are replaced with dots.

       一個選項檔案以空白字元為界被剖析成一串單字。空白字元可以用           雙引號(")包括在一個單字裏。倒斜線引用其後的字元。而hash
       (#)符號開始一段注解持續到該行結束。 There is no restriction on using the file  or  call
       options within an options file.

安全 SECURITY
       pppd      提供系統管理人員充份的存取控制能力這表示以PPP存取一     台伺服機器可以提供給合法的使用者使用而不必擔心危及該伺服器
       或所在網路的安全性。這有一部份是以/etc/ppp/options檔案來     提供,在這裏系統管理人員可以放置在執行pppd的時候用來要求
       驗証的選項,而部份是由PAP以及CHAP暗號檔案來提供,其中 系統管理人員可以限制個別的使用者可以使用的一群IP位址。

       The  default  behaviour  of pppd is to allow an unauthenticated peer to
       use a given IP address only if the system does not already have a route
       to  that IP address.  For example, a system with a permanent connection
       to the wider internet will normally have a default route, and thus  all
       peers  will  have  to  authenticate  themselves  in  order  to set up a
       connection.  On such a system, the auth option is the default.  On  the
       other  hand,  a system where the PPP link is the only connection to the
       internet will not normally have a default route, so the  peer  will  be
       able to use almost any IP address without authenticating itself.

       As  indicated  above,  some  security-sensitive options are privileged,
       which means that they may not be used  by  an  ordinary  non-privileged
       user  running  a  setuid-root  pppd, either on the command line, in the
       user's ~/.ppprc file, or in an options file read using the file option.
       Privileged  options  may  be  used  in  /etc/ppp/options  file or in an
       options file read using the call option.  If pppd is being run  by  the
       root user, privileged options can be used without restriction.

       When  opening  the device, pppd uses either the invoking user's user ID
       or the root UID (that is, 0), depending on whether the device name  was
       specified  by the user or the system administrator.  If the device name
       comes from a privileged source, that is, /etc/ppp/options or an options
       file  read  using  the call option, pppd uses full root privileges when
       opening the device.   Thus,  by  creating  an  appropriate  file  under
       /etc/ppp/peers, the system administrator can allow users to establish a
       ppp connection  via  a  device  which  they  would  not  normally  have
       permission to access.  Otherwise pppd uses the invoking user's real UID
       when opening the device.

AUTHENTICATION

       Authentication is the process whereby one peer convinces the  other  of
       its  identity.   This  involves  the first peer sending its name to the
       other, together with some kind of secret information which  could  only
       come  from  the  genuine  authorized  user  of  that  name.  In such an
       exchange, we will call the first peer the "client" and  the  other  the
       "server".   The  client has a name by which it identifies itself to the
       server, and the server also has a name by which it identifies itself to
       the  client.   Generally  the  genuine  client  shares  some secret (or
       password) with the server, and authenticates itself by proving that  it
       knows  that  secret.   Very  often,  the  names used for authentication
       correspond to the internet hostnames of the  peers,  but  this  is  not
       essential.

       At  present,  pppd  supports two authentication protocols: the Password
       Authentication   Protocol   (PAP)   and   the    Challenge    Handshake
       Authentication  Protocol  (CHAP).   PAP involves the client sending its
       name and a cleartext password to the server to authenticate itself.  In
       contrast,  the  server  initiates  the  CHAP authentication exchange by
       sending a challenge to the client (the challenge  packet  includes  the
       server's name).  The client must respond with a response which includes
       its name plus a hash value derived  from  the  shared  secret  and  the
       challenge, in order to prove that it knows the secret.

       The  PPP  protocol, being symmetrical, allows both peers to require the
       other  to  authenticate  itself.   In  that  case,  two  separate   and
       independent  authentication  exchanges  will  occur.  The two exchanges
       could  use  different  authentication  protocols,  and  in   principle,
       different names could be used in the two exchanges.

        pppd預設的動作是如果有要求就同意進行驗証,並且不要求從彼          端做驗証。然而如果沒有可以用來驗証的暗號則pppd將不會同意
       以特殊的協定來驗証它自己。

        驗証的基礎是由暗號檔案選擇的暗號(/etc/ppp/pap-secrets是          給PAP使用的,/etc/ppp/chap-
       secrets則是給CHAP使用)。                        這兩個暗號檔案都具有相同的格式,而且兩者都可以儲放暗號給數
       種伺服器(驗証彼端)及客戶(被驗証端)組合使用。注意pppd 可以最為伺服端以及客戶端,而且如果需要的話兩方可以使用不同 的協定。

        一個暗號檔案如同選項檔案一般被剖析成單字。一個暗號是由最少             包含3個單字的一行所指定,依序是客戶,伺服器,暗號。在同
       一行中任何跟在其後的單字都被當作是給客戶的可接受IP位址列              表。如果該行只有3個單字,這假設任何IP位址都可以;不允
       許所有的IP位址的話,使用"-"。如果暗號是以'@'開始,其            後所接的單字將被假設為可以從中讀取暗號的檔案名稱。而以一個
       "*"字元作為客戶或伺服端的名稱會符合任何名稱。在選擇一個暗 號時,pppd會選擇最符合的,i.e.最少萬用字元的那個。

       如此一個暗號檔案包含用來驗証其它主機,以及用來為其它主機驗             証自己兩者的暗號。選擇使用哪個暗號是根據該主機(本地名稱)
       以及其彼端(遠端名稱)而定。本地名稱的設定如下:

       If the secret starts with an `@', what follows is  assumed  to  be  the
       name  of  a file from which to read the secret.  A "*" as the client or
       server name matches any name.  When selecting a secret, pppd takes  the
       best match, i.e.  the match with the fewest wildcards.

       Any  following  words  on  the  same  line  are  taken  to be a list of
       acceptable IP addresses for that client.  If there are only 3 words  on
       the  line,  or  if  the  first  word  is "-", then all IP addresses are
       disallowed.  To allow any address, use "*".  A word starting  with  "!"
       indicates that the specified address is not acceptable.  An address may
       be followed by "/" and a number n, to indicate a whole subnet, i.e. all
       addresses which have the same value in the most significant n bits.  In
       this form, the address may be followed by a plus sign ("+") to indicate
       that  one  address  from  the  subnet  is  authorized, based on the ppp
       network interface unit number in use.  In this case, the host  part  of
       the address will be set to the unit number plus one.

       Thus  a  secrets  file  contains both secrets for use in authenticating
       other hosts, plus secrets which we use for authenticating ourselves  to
       others.   When  pppd  is  authenticating  the peer (checking the peer's
       identity), it chooses a secret with the peer's name in the first  field
       and  the name of the local system in the second field.  The name of the
       local system defaults to the hostname, with the domain name appended if
       the  domain  option  is  used.  This default can be overridden with the
       name option, except when the usehostname option is used.

       When pppd is choosing a secret to use in authenticating itself  to  the
       peer,  it  first  determines  what  name it is going to use to identify
       itself to the peer.  This name can be specified by the  user  with  the
       user option.  If this option is not used, the name defaults to the name
       of the local system, determined as described in the previous paragraph.
       Then  pppd looks for a secret with this name in the first field and the
       peer's name in the second field.  Pppd will know the name of  the  peer
       if  CHAP  authentication is being used, because the peer will have sent
       it in the challenge packet.  However, if PAP is being used,  pppd  will
       have  to  determine  the  peer's name from the options specified by the
       user.   The  user  can  specify  the  peer's  name  directly  with  the
       remotename  option.   Otherwise, if the remote IP address was specified
       by a name (rather than in numeric form), that name will be used as  the
       peer's name.  Failing that, pppd will use the null string as the peer's
       name.

        當以PAP驗証彼端時,一個""暗號符合任何由彼端所提供密碼。        如果密碼不符合暗號,密碼被以crypt()編碼並且再次檢查暗號;
       因此驗証彼端的暗號可以編碼方式儲放。

       如果指定有login選項,         使用者名稱以及密碼也會被以系統的密碼資料庫檢查。因此系統管         理人員可以設定pap-
       secrets檔案以便只允許某些使用者以PPP 連線,並且限制每個使用者可以使用一些IP位址。 Typically,  when  using
       the login option, the secret in /etc/ppp/pap-secrets would be "", which
       will match any password supplied by the peer.  This avoids the need  to
       have the same secret in two places.

        驗証必須在IPCP(或任何其它網路控制協定)開始之前被完全地          滿足。如果驗証失敗,pppd將會終結連線(關閉LCP)。如果
       IPCP協商出一個無法接受的遠端主機IP位址,IPCP將會關閉。 IP封包只有在IPCP打開的時候才能傳送或接收。

        即使本地主機一般會要求驗証,在某些案例中會希望允一些無法驗            証它們自己的主機連線並使用所限制的IP位址其中之一。如果彼
       在被要求時拒絕驗証它自己,pppd將會把它當成等於是在使用者            名稱以及密碼上使用空字串來以PAP驗証。所以,藉由增加一行
       指定空字串為客戶以及密碼到pap-secrets檔案去,允許拒絕驗 証自己的主機進行有限制的存取是可能的。

路由 ROUTING
        當IPCP協商成功地完成時,pppd將會通知核心該ppp界面本地         以及遠端的IP位址。這足夠用來建立一個主機到該連線遠端的遞
       送路徑,該路徑將使兩端能交換IP封包。與其它的機器進行通訊       往往需要更進一步地修改遞送表格(routingtables)以及/或是
       ARP(位址解譯協定)表格。在某些案例中這將透過routed或是        gated隱形程式的動作自動地完成,但是在大部分的案例中需要更
       進一步的介入。

        有時候會希望透過遠端主機來增加一個預設遞送路徑,像是在一台    只透過ppp界面連線到Internet的機器。此defaultroute選
       項使得pppd在IPCP完成時建立起這麼一個預設的遞送路徑,並 且在該線路被終結時將之刪除。

        在某些情況下會希望使用proxyARP,例如在一台連結到區域網          路的伺服機器上,為了能夠允許其它的主機與遠端主機進行通訊。
       proxyarp選項引發pppd去尋找一個與遠端主機在相同子網路上   的網路界面(一個支援廣播(boardcast)以及ARP的界面,不但要
       是可用的並且不是一個點對點或回授界面)。如果找到,pppd會            以該遠端主機的IP位址以及所找到的網路界面之硬體位址建立一
       個永久的,公開的ARP項目。

       When the demand option is used, the interface IP addresses have already
       been set at the point when IPCP comes up.  If pppd has not been able to
       negotiate  the  same  addresses that it used to configure the interface
       (for example when the peer is an  ISP  that  uses  dynamic  IP  address
       assignment),  pppd  has  to  change  the  interface IP addresses to the
       negotiated addresses.  This may disrupt existing connections,  and  the
       use of demand dialling with peers that do dynamic IP address assignment
       is not recommended.

MULTILINK

       Multilink PPP provides the capability to combine two or more PPP  links
       between  a  pair of machines into a single `bundle', which appears as a
       single virtual PPP  link  which  has  the  combined  bandwidth  of  the
       individual  links.   Currently,  multilink  PPP is only supported under
       Linux.

       Pppd detects that the link it is controlling is connected to  the  same
       peer  as  another  link using the peer's endpoint discriminator and the
       authenticated identity of the peer (if it authenticates  itself).   The
       endpoint discriminator is a block of data which is hopefully unique for
       each peer.  Several types of  data  can  be  used,  including  locally-
       assigned  strings  of  bytes,  IP  addresses,  MAC  addresses, randomly
       strings of bytes, or E-164 phone numbers.  The  endpoint  discriminator
       sent to the peer by pppd can be set using the endpoint option.

       In  circumstances the peer may send no endpoint discriminator or a non-
       unique value.  The optional bundle option adds an extra string which is
       added  to  the peer's endpoint discriminator and authenticated identity
       when matching up links to be joined together in a bundle.   The  bundle
       option  can also be used to allow the establishment of multiple bundles
       between the local system and the peer.  Pppd uses  a  TDB  database  in
       /var/run/pppd.tdb to match up links.

       Assuming that multilink is enabled and the peer is willing to negotiate
       multilink, then when pppd is invoked to bring up the first link to  the
       peer,  it  will  detect that no other link is connected to the peer and
       create a new bundle, that is, another ppp network interface unit.  When
       another  pppd  is invoked to bring up another link to the peer, it will
       detect the existing bundle and join its link to it.  Currently, if  the
       first  pppd  terminates (for example, because of a hangup or a received
       signal) the bundle is destroyed.

範例 EXAMPLE S
       The following examples assume that the /etc/ppp/options  file  contains
       the  auth  option  (as  in the default /etc/ppp/options file in the ppp
       distribution).

       Probably the most common use of pppd is to dial out to  an  ISP.   This
       can be done with a command such as

              pppd call isp

       where the /etc/ppp/peers/isp file is set up by the system administrator
       to contain something like this:

              ttyS0 19200 crtscts
              connect '/usr/sbin/chat -v -f /etc/ppp/chat-isp'
              noauth

       In this example, we are using chat to  dial  the  ISP's  modem  and  go
       through  any  logon  sequence  required.   The  /etc/ppp/chat-isp  file
       contains the  script  used  by  chat;  it  could  for  example  contain
       something like this:

              ABORT "NO CARRIER"
              ABORT "NO DIALTONE"
              ABORT "ERROR"
              ABORT "NO ANSWER"
              ABORT "BUSY"
              ABORT "Username/Password Incorrect"
              "" "at"
              OK "at&d0&c1"
              OK "atdt2468135"
              "name:" "^Umyuserid"
              "word:" "\qmypassword"
              "ispts" "\q^Uppp"
              "~-^Uppp-~"

       See the chat(8) man page for details of chat scripts.

       Pppd  can  also be used to provide a dial-in ppp service for users.  If
       the users already have login accounts, the simplest way to set  up  the
       ppp  service  is to let the users log in to their accounts and run pppd
       (installed setuid-root) with a command such as

              pppd proxyarp

       To allow a user to use the PPP facilities, you need to allocate  an  IP
       address  for  that  user's machine and create an entry in /etc/ppp/pap-
       secrets or /etc/ppp/chap-secrets  (depending  on  which  authentication
       method  the PPP implementation on the user's machine supports), so that
       the user's machine can authenticate itself.  For example, if Joe has  a
       machine  called  "joespc"  which  is  to  be  allowed to dial in to the
       machine called "server" and use the IP address joespc.my.net, you would
       add  an  entry  like  this  to  /etc/ppp/pap-secrets  or /etc/ppp/chap-
       secrets:

              joespc    server    "joe's secret" joespc.my.net

       Alternatively, you can create a username called  (for  example)  "ppp",
       whose  login  shell  is  pppd  and  whose  home  directory is /etc/ppp.
       Options  to  be  used  when  pppd  is  run  this  way  can  be  put  in
       /etc/ppp/.ppprc.

        如果你的串列連線比直接以線路連接更復雜的話,你可能會需要做          些調整以便避開一些控制字元。特別是,通常避開XON(^Q)以及
       XOFF(^S)是有用的,可以使用asyncmapa0000。如果該路徑包
       含telnet的話,你可能應該也要避開^](asyncmap200a0000)。
       如果該路徑包含rlogin的話,你將需要在執行rlogin的客戶端    上使用escapeff選項,因為許多rlogin的實作並非是透通的;
       它們將會從資料流中移除[0xff,0xff,0x73,0x73,跟隨的任何 8位元組]這些序列。

診斷 DIAGNOSTICS
        訊息使用facilityLOG_DAEMON送到syslog隱形程式。(這個
       可以藉著以所要的facility定義LOG_PPP巨集來重新編譯pppd      加以改變。)為了能夠看到錯誤以及偵錯訊息,你將需要編輯你的
       /etc/syslog.conf檔案來將訊息導向到所希望的設備或檔案。

       debug選項使得所有送出以及接收的控制封包內容都被記錄下來,     這是指所有的LCP,PAP,CHAP,或是IPCP封包。如果PPP協商
       沒有成功的話那麼這可能會有用。如果在編譯時期開啟偵錯功能的
       話,pppd會使用facilityLOG_LOCAL2來取代LOG_DAEMON,而 且debug選項會使得額外的偵錯訊息被記錄下來。

       偵錯功能也可以藉著傳送一個SIGUSR1到pppd程式來啟動。偵 錯功能可以藉著傳送一個SIGUSR2到pppd程式來關閉。

EXIT STATUS

       The  exit  status  of  pppd  is  set  to indicate whether any error was
       detected, or the reason for the link being terminated.  The values used
       are:

       0      Pppd  has detached, or otherwise the connection was successfully
              established and terminated at the peer's request.

       1      An immediately fatal error of some kind  occurred,  such  as  an
              essential system call failing, or running out of virtual memory.

       2      An  error  was detected in processing the options given, such as
              two mutually exclusive options being used.

       3      Pppd is not setuid-root and the invoking user is not root.

       4      The kernel does not support PPP, for  example,  the  PPP  kernel
              driver is not included or cannot be loaded.

       5      Pppd  terminated because it was sent a SIGINT, SIGTERM or SIGHUP
              signal.

       6      The serial port could not be locked.

       7      The serial port could not be opened.

       8      The connect script failed (returned a non-zero exit status).

       9      The command specified as the argument to the  pty  option  could
              not be run.

       10     The  PPP  negotiation failed, that is, it didn't reach the point
              where at least one network protocol (e.g. IP) was running.

       11     The peer system failed (or refused) to authenticate itself.

       12     The link was established successfully and terminated because  it
              was idle.

       13     The link was established successfully and terminated because the
              connect time limit was reached.

       14     Callback was negotiated  and  an  incoming  call  should  arrive
              shortly.

       15     The  link  was  terminated because the peer is not responding to
              echo requests.

       16     The link was terminated by the modem hanging up.

       17     The PPP negotiation failed because serial loopback was detected.

       18     The init script failed (returned a non-zero exit status).

       19     We failed to authenticate ourselves to the peer.

SCRIPTS

       Pppd invokes scripts at various stages in its processing which  can  be
       used  to perform site-specific ancillary processing.  These scripts are
       usually shell scripts, but could  be  executable  code  files  instead.
       Pppd does not wait for the scripts to finish.  The scripts are executed
       as root (with the real and effective user-id set to 0),  so  that  they
       can  do things such as update routing tables or run privileged daemons.
       Be careful that the contents of these scripts do  not  compromise  your
       system's  security.   Pppd runs the scripts with standard input, output
       and error redirected to /dev/null, and  with  an  environment  that  is
       empty except for some environment variables that give information about
       the link.  The environment variables that pppd sets are:

       DEVICE The name of the serial tty device being used.

       IFNAME The name of the network interface being used.

       IPLOCAL
              The IP address for the local end of the link.  This is only  set
              when IPCP has come up.

       IPREMOTE
              The IP address for the remote end of the link.  This is only set
              when IPCP has come up.

       PEERNAME
              The authenticated name of the peer.  This is  only  set  if  the
              peer authenticates itself.

       SPEED  The baud rate of the tty device.

       ORIG_UID
              The real user-id of the user who invoked pppd.

       PPPLOGNAME
              The  username  of  the  real  user-id that invoked pppd. This is
              always set.

       For the ip-down and auth-down scripts, pppd  also  sets  the  following
       variables giving statistics for the connection:

       CONNECT_TIME
              The  number  of  seconds  from  when the PPP negotiation started
              until the connection was terminated.

       BYTES_SENT
              The number of bytes sent (at  the  level  of  the  serial  port)
              during the connection.

       BYTES_RCVD
              The  number  of bytes received (at the level of the serial port)
              during the connection.

       LINKNAME
              The logical name of the link, set with the linkname option.

       Pppd invokes the following scripts, if they exist.  It is not an  error
       if they don't exist.

       /etc/ppp/auth-up
              A  program  or  script which is executed after the remote system
              successfully authenticates itself.   It  is  executed  with  the
              parameters

              interface-name peer-name user-name tty-device speed

              Note  that  this  script  is  not  executed  if the peer doesn't
              authenticate itself, for example when the noauth option is used.

       /etc/ppp/auth-down
              A program or script which is executed when the link  goes  down,
              if  /etc/ppp/auth-up was previously executed.  It is executed in
              the same manner with the same parameters as /etc/ppp/auth-up.

       /etc/ppp/ip-up
              當線路可以傳送以及接收IP封包時(也就是IPCP完成             時)執行的一支程式或指令稿。它是以界面的名稱、終端
              設備、速度、本地-IP-位址、遠端-IP-位址為參數執行。

              interface-name   tty-device  speed  local-IP-address  remote-IP-
              address ipparam

       /etc/ppp/ip-down
              當線路不再允許傳送以及接收IP封包時執行的一支程式        或指令稿。這個指令稿可以用來回復/etc/ppp/ip-up指
              令稿的影響。它以與ip-up指令稿相同的參數啟動。

       /etc/ppp/ipv6-up
              Like /etc/ppp/ip-up, except that it is executed when the link is
              available for sending and receiving IPv6 packets. It is executed
              with the parameters

              interface-name tty-device speed local-link-local-address remote-
              link-local-address ipparam

       /etc/ppp/ipv6-down
              Similar to  /etc/ppp/ip-down,  but  it  is  executed  when  IPv6
              packets can no longer be transmitted on the link. It is executed
              with the same parameters as the ipv6-up script.

       /etc/ppp/ipx-up
              A program or script which is executed when the link is available
              for  sending  and receiving IPX packets (that is, IPXCP has come
              up).  It is executed with the parameters

              interface-name tty-device speed  network-number  local-IPX-node-
              address    remote-IPX-node-address    local-IPX-routing-protocol
              remote-IPX-routing-protocol  local-IPX-router-name   remote-IPX-
              router-name ipparam pppd-pid

              The  local-IPX-routing-protocol  and remote-IPX-routing-protocol
              field may be one of the following:

              NONE      to indicate that there is no routing protocol
              RIP       to indicate that RIP/SAP should be used
              NLSP      to indicate that Novell NLSP should be used
              RIP NLSP  to indicate that both RIP/SAP and NLSP should be used

       /etc/ppp/ipx-down
              A program or script which is executed when the link is no longer
              available  for  sending  and receiving IPX packets.  This script
              can be used for  undoing  the  effects  of  the  /etc/ppp/ipx-up
              script.   It  is  invoked  in  the same manner and with the same
              parameters as the ipx-up script.

檔案 FILES
       /var/run/pppn.pid (BSD or Linux), /etc/ppp/pppn.pid (others)
              在ppp界面單元n上的ppp程式之Process-ID。

       /var/run/ppp-name.pid (BSD or Linux), /etc/ppp/ppp-name.pid (others)
              Process-ID for pppd process  for  logical  link  name  (see  the
              linkname option).

       /etc/ppp/pap-secrets
               由PAP驗証所使用的使用者名稱、密碼以及IP位址。 This file should be owned by root and
              not readable or writable by any other user.   Pppd  will  log  a
              warning if this is not the case.

       /etc/ppp/chap-secrets
               由CHAP驗証所使用的名稱、暗號以及IP位址。
               As  for /etc/ppp/pap-secrets, this file should be owned by root
              and not readable or writable by any other user.  Pppd will log a
              warning if this is not the case.

       /etc/ppp/options
               pppd的系統預設選項,在使用者預設選項或指令列選項之前讀取。

       ~/.ppprc
               使用者預設選項,在指令列選項之前讀取。

       /etc/ppp/options.ttyname
               所要使用之串列埠的系統預設選項,在指令列之後讀取。read  after  ~/.ppprc.  In forming the
              ttyname part of this filename, an initial /dev/ is stripped from
              the  port  name  (if  present), and any slashes in the remaining
              part are converted to dots.

       /etc/ppp/peers
              A  directory  containing  options  files   which   may   contain
              privileged  options,  even  if  pppd was invoked by a user other
              than root.  The system administrator can create options files in
              this  directory  to  permit  non-privileged  users  to  dial out
              without requiring the peer to authenticate, but only to  certain
              trusted peers.

參見 SEE ALSO
       RFC1144
              Jacobson,  V.   Compressing  TCP/IP headers for low-speed serial
              links.  February 1990.

       RFC1321
              Rivest, R.  The MD5 Message-Digest Algorithm.  April 1992.

       RFC1332
              McGregor, G.  PPP Internet  Protocol  Control  Protocol  (IPCP).
              May 1992.

       RFC1334
              Lloyd, B.; Simpson, W.A.  PPP authentication protocols.  October
              1992.

       RFC1661
              Simpson, W.A.  The Point-to-Point Protocol (PPP).  July 1994.

       RFC1662
              Simpson, W.A.  PPP in HDLC-like Framing.  July 1994.

       RFC2472
              Haskin, D.  IP Version 6 over PPP December 1998.

 注意 NOTES
       下列信號傳送到pppd程式時有特別的影響

       SIGINT, SIGTERM
              這些信號使得pppd終止該連線(關閉LCP),回存串列 串列設備的設定,並結束離開。

       SIGHUP 指出實體層已經被斷線。pppd將會試圖回存串列設備的設 定(這可能會在Suns上產生錯誤訊息),然後結束離開。
               If the persist or demand option has been specified,  pppd  will
              try  to  reopen  the  serial device and start another connection
              (after the holdoff period).  Otherwise pppd will exit.  If  this
              signal  is received during the holdoff period, it causes pppd to
              end the holdoff period immediately.

       SIGUSR1
              This signal toggles the state of the debug option.

       SIGUSR2
              This signal causes pppd to renegotiate compression.  This can be
              useful  to re-enable compression after it has been disabled as a
              result of a fatal  decompression  error.   (Fatal  decompression
              errors generally indicate a bug in one or other implementation.)

作者 AUTHOR S
       Paul Mackerras (Paul.Mackerras@cs.anu.edu.au), based on earlier work by
       Drew Perkins, Brad Clements, Karl Fox, Greg Christy, and Brad Parker.

[中文版維護人]
       軟體教程之Linux Man <asdchen@pc2.hinet.net> <Best Linux> 1999

[中文版最新更新]
       1995/10/08

《中國linux論壇man手冊頁翻譯計劃》:
       http://cmpp.linuxforum.net

                                                                       PPPD(8)