Index: head/release/picobsd/floppy.tree/etc/ppp/ppp.conf =================================================================== --- head/release/picobsd/floppy.tree/etc/ppp/ppp.conf (revision 244039) +++ head/release/picobsd/floppy.tree/etc/ppp/ppp.conf (revision 244040) @@ -1,9 +1,9 @@ # $FreeBSD$ # PPP Sample Configuration File # Written by Toshiharu OHNO default: - set device /dev/cuad1 + set device /dev/cuau1 set speed 38400 disable lqr deny lqr set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\T TIMEOUT 40 CONNECT" Index: head/release/picobsd/mfs_tree/etc/remote =================================================================== --- head/release/picobsd/mfs_tree/etc/remote (revision 244039) +++ head/release/picobsd/mfs_tree/etc/remote (revision 244040) @@ -1,50 +1,50 @@ # @(#)remote 5.2 (Berkeley) 6/30/90 # $FreeBSD$ # remote -- remote host description file # see tip(1), remote(5) # # dv device to use for the tty # el EOL marks (default is NULL) # du make a call flag (dial up) # pn phone numbers (@ =>'s search phones file; possibly taken from # PHONES environment variable) # at ACU type # ie input EOF marks (default is NULL) # oe output EOF string (default is NULL) # cu call unit (default is dv) # br baud rate (defaults to 300) # fs frame size (default is BUFSIZ) -- used in buffering writes on # receive operations # tc to continue a capability # Systems definitions netcom|Netcom Unix Access:\ :pn=\@:tc=unix1200: omen|Omen BBS:\ :pn=\@:tc=dos1200: # UNIX system definitions unix1200|1200 Baud dial-out to a UNIX system:\ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial1200: unix300|300 Baud dial-out to a UNIX system:\ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial300: # DOS system definitions dos1200|1200 Baud dial-out to a DOS system:\ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^Z:pa=none:tc=dial1200: # General dialer definitions used below # # COURIER switch settings: # switch: 1 2 3 4 5 6 7 8 9 10 # setting: D U D U D D U D U U # Rackmount: U U D U D U D D U D # dial2400|2400 Baud Hayes attributes:\ - :dv=/dev/cuad0:br#2400:cu=/dev/cuad0:at=hayes:du: + :dv=/dev/cuau0:br#2400:cu=/dev/cuau0:at=hayes:du: dial1200|1200 Baud Hayes attributes:\ - :dv=/dev/cuad0:br#1200:cu=/dev/cuad0:at=hayes:du: + :dv=/dev/cuau0:br#1200:cu=/dev/cuau0:at=hayes:du: # Hardwired line -cuad0b|cua0b:dv=/dev/cuad0:br#2400 -cuad0c|cua0c:dv=/dev/cuad0:br#9600 +cuau0b|cua0b:dv=/dev/cuau0:br#2400 +cuau0c|cua0c:dv=/dev/cuau0:br#9600 Index: head/sbin/comcontrol/comcontrol.8 =================================================================== --- head/sbin/comcontrol/comcontrol.8 (revision 244039) +++ head/sbin/comcontrol/comcontrol.8 (revision 244040) @@ -1,65 +1,65 @@ .\" $FreeBSD$ .Dd May 15, 1994 .Dt COMCONTROL 8 .Os .Sh NAME .Nm comcontrol .Nd control a special tty device .Sh SYNOPSIS .Nm .Ar special_device .Op dtrwait Ar number .Op drainwait Ar number .Sh DESCRIPTION The .Nm utility is used to examine and modify some of the special characteristics of the specified tty device. If no arguments other than the device (or "-" for stdin) are specified, it prints the settings of all controllable characteristics. This usage requires only read access on the device. Only the superuser can change the settings. .Pp The following options are available: .Bl -tag -width indent .It Cm dtrwait Ar number Set the time to wait after dropping DTR to the given number. The units are hundredths of a second. The default is 300 hundredths, i.e., 3 seconds. This option needed mainly to set proper recover time after modem reset. .It Cm drainwait Ar number Set the time to wait for output drain to the given number. The units are seconds. The default is 5 minutes, 0 means waiting forever. This option needed mainly to specify upper limit of minutes to prevent modem hanging. .El .Pp The standard way to use .Nm is to put invocations of it in the .Pa /etc/rc.d/serial startup script. .Sh FILES .Bl -tag -width /dev/ttyd? -compact .It Pa /dev/ttyd? dialin devices, hardwired terminals -.It Pa /dev/cuad? +.It Pa /dev/cuau? dialout devices .El .Sh SEE ALSO .Xr stty 1 , .Xr sio 4 .Sh HISTORY Originally part of cgd's com package patches, version 0.2.1, to .Bx 386 0.1 . Once controlled bidirectional capabilities. Little is left to control now that these capabilities are standard. .Sh AUTHORS .An Christopher G. Demetriou Index: head/share/examples/ppp/ppp.conf.sample =================================================================== --- head/share/examples/ppp/ppp.conf.sample (revision 244039) +++ head/share/examples/ppp/ppp.conf.sample (revision 244040) @@ -1,789 +1,789 @@ ################################################################# # # PPP Sample Configuration File # # Originally written by Toshiharu OHNO # # $FreeBSD$ # ################################################################# # This file is separated into sections. Each section is named with # a label starting in column 0 and followed directly by a ``:''. The # section continues until the next label. Blank lines and characters # after a ``#'' are ignored (a literal ``#'' must be escaped with a ``\'' # or quoted with ""). All commands inside sections that do not begin # with ``!'' (e.g., ``!include'') *must* be indented by at least one # space or tab or they will not be recognized! # # Lines beginning with "!include" will ``include'' another file. You # may want to ``!include ~/.ppp.conf'' for backwards compatibility. # # Default setup. Always executed when PPP is invoked. # This section is *not* pre-loaded by the ``load'' or ``dial'' commands. # # This is the best place to specify your modem device, its DTR rate, # your dial script and any logging specification. Logging specs should # be done first so that the results of subsequent commands are logged. # default: set log Phase Chat LCP IPCP CCP tun command - set device /dev/cuad1 + set device /dev/cuau1 set speed 115200 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \ OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" # Client side PPP # # Although the PPP protocol is a peer to peer protocol, we normally # consider the side that initiates the connection as the client and # the side that receives the connection as the server. Authentication # is required by the server either using a unix-style login procedure # or by demanding PAP or CHAP authentication from the client. # # An on demand example where we have dynamic IP addresses and wish to # use a unix-style login script: # # If the peer assigns us an arbitrary IP (most ISPs do this) and we # can't predict what their IP will be either, take a wild guess at # some IPs that you can't currently route to. Ppp can change this # when the link comes up. # # The /0 bit in "set ifaddr" says that we insist on 0 bits of the # specified IP actually being correct, therefore, the other side can assign # any IP number. # # The fourth arg to "set ifaddr" makes us send "0.0.0.0" as our requested # IP number, forcing the peer to make the decision. This is necessary # when negotiating with some (broken) ppp implementations. # # This entry also works with static IP numbers or when not in -auto mode. # The ``add'' line adds a `sticky' default route that will be updated if # and when any of the IP numbers are changed in IPCP negotiations. # The "set ifaddr" is required in -auto mode only. # It's better to put the ``add'' line in ppp.linkup when not in -auto mode. # # Finally, the ``enable dns'' line tells ppp to ask the peer for the # nameserver addresses that should be used. This isn't always supported # by the other side, but if it is, ppp will update /etc/resolv.conf with # the correct nameserver values at connection time. # # The login script shown says that you're expecting ``ogin:''. If you # don't receive that, send a ``\n'' and expect ``ogin:'' again. When # it's received, send ``ppp'', expect ``word:'' then send ``ppp''. # You *MUST* customise this login script according to your local # requirements. # pmdemand: set phone 1234567 set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp" set timeout 120 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 add default HISADDR enable dns # If you want to use PAP or CHAP instead of using a unix-style login # procedure, do the following. Note, the peer suggests whether we # should send PAP or CHAP. By default, we send whatever we're asked for. # # You *MUST* customise ``MyName'' and ``MyKey'' below. # PAPorCHAPpmdemand: set phone 1234567 set login set authname "MyName" set authkey "MyKey" set timeout 120 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 add default HISADDR enable dns # On demand dialup example with static IP addresses: # Here, the local side uses 192.244.185.226 and the remote side # uses 192.244.176.44. # # # ppp -auto ondemand # # With static IP numbers, our setup is similar to dynamic: # Remember, ppp.linkup is searched for a "192.244.176.44" label, then # an "ondemand" label, and finally the "MYADDR" label. # ondemand: set phone 1234567 set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp" set timeout 120 set ifaddr 192.244.185.226 192.244.176.44 add default HISADDR enable dns # An on-demand dialup example using an external Terminal Adapter (TA) # that supports multi-link ppp itself. # # This may be specific to the AETHRA TA. # TA: set phone 12345678 # Replace this with your ISPs phone number set authname "somename" # Replace these with your login name & password. set authkey "somepasswd" # This profile assumes you're using PAP or CHAP. enable lqr echo set reconnect 3 5 set redial 3 10 set lqrperiod 45 disable pred1 deflate mppe deny pred1 deflate mppe set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATB41CL2048 \ OK-AT-OK ATB40&J3E1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" set login set logout set hangup set timeout 60 300 # The minimum charge period is 5 minutes, so don't # hangup before then - set device /dev/cuad0 # Or whatever + set device /dev/cuau0 # Or whatever set speed 115200 # Use as high a speed as possible enable dns # Ask the peer what to put in resolv.conf # Take a wild guess at an IP number and let the other side decide set ifaddr 172.16.0.1/0 212.0.0.0/0 0 0 add! default hisaddr set mru 1504 # Some extra room for the MP header set server /var/run/ppp/ppp-TA "" 0177 # The diagnostic port (-rw-------) # Example segments # # The following lines may be included as part of your configuration # section and aren't themselves complete. They're provided as examples # of how to achieve different things. examples: # Multi-phone example. Numbers separated by a : are used sequentially. # Numbers separated by a | are used if the previous dial or login script # failed. Usually, you will prefer to use only one of | or :, but both # are allowed. # set phone 12345678|12345679:12345670|12345671 # # Some phone numbers may include # characters - don't forget to escape # (or quote) them: # set phone "12345##678" # # Ppp can accept control instructions from the ``pppctl'' program. # First, you must set up your control socket. It's safest to use # a UNIX domain socket, and watch the permissions: # set server /var/run/ppp/internet MySecretPassword 0177 # # Although a TCP port may be used if you want to allow control # connections from other machines: # set server 6670 MySecretpassword # # If you don't like ppp's builtin chat, use an external one: # set login "\"!chat \\-f /etc/ppp/ppp.dev.chat\"" # # If we have a ``strange'' modem that must be re-initialized when we # hangup: # set hangup "\"\" AT OK-AT-OK ATZ OK" # # To adjust logging without blowing away the setting in default: # set log -command +tcp/ip # # To see log messages on the screen in interactive mode: # set log local LCP IPCP CCP # # If you're seeing a lot of magic number problems and failed connections, # try this (see the man page): # set openmode active 5 # # For noisy lines, we may want to reconnect (up to 20 times) after loss # of carrier, with 3 second delays between each attempt: # set reconnect 3 20 # # When playing server for M$ clients, tell them who our NetBIOS name # servers are: # set nbns 10.0.0.1 10.0.0.2 # # Inform the client if they ask for our DNS IP numbers: # enable dns # # If you don't want to tell them what's in your /etc/resolv.conf file # with `enable dns', override the values: # set dns 10.0.0.1 10.0.0.2 # # Some people like to prioritize DNS packets: # set urgent udp +53 # # If we're using the -nat switch, redirect ftp and http to an internal # machine: # nat port tcp 10.0.0.2:ftp ftp nat port tcp 10.0.0.2:http http # # or don't trust the outside at all # nat deny_incoming yes # # I trust user brian to run ppp, so this goes in the `default' section: # allow user brian # # But label `internet' contains passwords that even brian can't have, so # I empty out the user access list in that section so that only root can # have access: # allow users # # I also may wish to set up my ppp login script so that it asks the client # for the label they wish to use. I may only want user ``dodgy'' to access # their own label in direct mode: # dodgy: allow user dodgy allow mode direct # # We don't want certain packets to keep our connection alive # set filter alive 0 deny udp src eq 520 # routed set filter alive 1 deny udp dst eq 520 # routed set filter alive 2 deny udp src eq 513 # rwhod set filter alive 3 deny udp src eq 525 # timed set filter alive 4 deny udp src eq 137 # NetBIOS name service set filter alive 5 deny udp src eq 138 # NetBIOS datagram service set filter alive 6 deny tcp src eq 139 # NetBIOS session service set filter alive 7 deny udp dst eq 137 # NetBIOS name service set filter alive 8 deny udp dst eq 138 # NetBIOS datagram service set filter alive 9 deny tcp dst eq 139 # NetBIOS session service set filter alive 10 deny 0/0 MYADDR icmp # Ping to us from outside set filter alive 11 permit 0/0 0/0 # # And in auto mode, we don't want certain packets to cause a dialup # set filter dial 0 deny udp src eq 513 # rwhod set filter dial 1 deny udp src eq 525 # timed set filter dial 2 deny udp src eq 137 # NetBIOS name service set filter dial 3 deny udp src eq 138 # NetBIOS datagram service set filter dial 4 deny tcp src eq 139 # NetBIOS session service set filter dial 5 deny udp dst eq 137 # NetBIOS name service set filter dial 6 deny udp dst eq 138 # NetBIOS datagram service set filter dial 7 deny tcp dst eq 139 # NetBIOS session service set filter dial 8 deny tcp finrst # Badly closed TCP channels set filter dial 9 permit 0 0 # # Once the line's up, allow these connections # set filter in 0 permit tcp dst eq 113 # ident set filter out 0 permit tcp src eq 113 # ident set filter in 1 permit tcp src eq 23 estab # telnet set filter out 1 permit tcp dst eq 23 # telnet set filter in 2 permit tcp src eq 21 estab # ftp set filter out 2 permit tcp dst eq 21 # ftp set filter in 3 permit tcp src eq 20 dst gt 1023 # ftp-data set filter out 3 permit tcp dst eq 20 # ftp-data set filter in 4 permit udp src eq 53 # DNS set filter out 4 permit udp dst eq 53 # DNS set filter in 5 permit 192.244.191.0/24 0/0 # Where I work set filter out 5 permit 0/0 192.244.191.0/24 # Where I work set filter in 6 permit icmp # pings set filter out 6 permit icmp # pings set filter in 7 permit udp dst gt 33433 # traceroute set filter out 7 permit udp dst gt 33433 # traceroute # # ``dodgynet'' is an example intended for an autodial configuration which # is connecting a local network to a host on an untrusted network. dodgynet: set log Phase # Log link uptime allow mode auto # For autoconnect only - set device /dev/cuad1 # Define modem device and speed + set device /dev/cuau1 # Define modem device and speed set speed 115200 deny lqr # Don't support LQR set phone 0W1194 # Remote system phone number, set authname "pppLogin" # login set authkey "MyPassword" # and password set dial "ABORT BUSY ABORT NO\\sCARRIER \ # Chat script to dial the peer TIMEOUT 5 \"\" ATZ OK-ATZ-OK \ ATE1Q0M0 OK \\dATDT\\T \ TIMEOUT 40 CONNECT" set login "TIMEOUT 10 \"\" \"\" \ # And to login to remote system gin:--gin: \\U word: \\P" # Drop the link after 15 minutes of inactivity # Inactivity is defined by the `set filter alive' line below set timeout 900 # Hard-code remote system to appear within local subnet and use proxy arp # to make this system the gateway for the rest of the local network set ifaddr 172.17.20.247 172.17.20.248 255.255.240.0 enable proxy # Allow any TCP packet to keep the link alive set filter alive 0 permit tcp # Only allow dialup to be triggered by http, rlogin, rsh, telnet, ftp or # private TCP ports 24 and 4000 set filter dial 0 7 0 0 tcp dst eq http set filter dial 1 7 0 0 tcp dst eq login set filter dial 2 7 0 0 tcp dst eq shell set filter dial 3 7 0 0 tcp dst eq telnet set filter dial 4 7 0 0 tcp dst eq ftp set filter dial 5 7 0 0 tcp dst eq 24 set filter dial 6 deny ! 0 0 tcp dst eq 4000 # From hosts on a couple of local subnets to the remote peer # If the remote host allowed IP forwarding and we wanted to use it, the # following rules could be split into two groups to separately validate # the source and destination addresses. set filter dial 7 permit 172.17.16.0/20 172.17.20.248 set filter dial 8 permit 172.17.36.0/22 172.17.20.248 set filter dial 9 permit 172.17.118.0/26 172.17.20.248 set filter dial 10 permit 10.123.5.0/24 172.17.20.248 # Once the link's up, limit outgoing access to the specified hosts set filter out 0 4 172.17.16.0/20 172.17.20.248 set filter out 1 4 172.17.36.0/22 172.17.20.248 set filter out 2 4 172.17.118.0/26 172.17.20.248 set filter out 3 deny ! 10.123.5.0/24 172.17.20.248 # Allow established TCP connections set filter out 4 permit 0 0 tcp estab # And new connections to http, rlogin, rsh, telnet, ftp and ports # 24 and 4000 set filter out 5 permit 0 0 tcp dst eq http set filter out 6 permit 0 0 tcp dst eq login set filter out 7 permit 0 0 tcp dst eq shell set filter out 8 permit 0 0 tcp dst eq telnet set filter out 9 permit 0 0 tcp dst eq ftp set filter out 10 permit 0 0 tcp dst eq 24 set filter out 11 permit 0 0 tcp dst eq 4000 # And outgoing icmp set filter out 12 permit 0 0 icmp # Once the link's up, limit incoming access to the specified hosts set filter in 0 4 172.17.20.248 172.17.16.0/20 set filter in 1 4 172.17.20.248 172.17.36.0/22 set filter in 2 4 172.17.20.248 172.17.118.0/26 set filter in 3 deny ! 172.17.20.248 10.123.5.0/24 # Established TCP connections and non-PASV FTP set filter in 4 permit 0/0 0/0 tcp estab set filter in 5 permit 0/0 0/0 tcp src eq 20 # Useful ICMP messages set filter in 6 permit 0/0 0/0 icmp src eq 3 set filter in 7 permit 0/0 0/0 icmp src eq 4 set filter in 8 permit 0/0 0/0 icmp src eq 11 set filter in 9 permit 0/0 0/0 icmp src eq 12 # Echo reply (local systems can ping the remote host) set filter in 10 permit 0/0 0/0 icmp src eq 0 # And the remote host can ping the local gateway (only) set filter in 11 permit 0/0 172.17.20.247 icmp src eq 8 # Server side PPP # # If you want the remote system to authenticate itself, you must insist # that the peer uses CHAP or PAP with the "enable" keyword. Both CHAP and # PAP are disabled by default. You may enable either or both. If both # are enabled, CHAP is requested first. If the client doesn't agree, PAP # will then be requested. # # Note: If you use the getty/login process to authenticate users, you # don't need to enable CHAP or PAP, but the user that has logged # in *MUST* be a member of the ``network'' group (in /etc/group). # # Note: Chap80 and chap81 are Microsoft variations of standard chap (05). # # If you wish to allow any user in the passwd database ppp access, you # can ``enable passwdauth'', but this will only work with PAP. # # When the peer authenticates itself, we use ppp.secret for verification # (although refer to the ``set radius'' command below for an alternative). # # Note: We may supply a third field in ppp.secret specifying the IP # address for that user, a fourth field to specify the # ppp.link{up,down} label to use and a fifth field to specify # callback characteristics. # # The easiest way to allow transparent LAN access to your dialin users # is to assign them a number from your local LAN and tell ppp to make a # ``proxy'' arp entry for them. In this example, we have a local LAN # with IP numbers 10.0.0.1 - 10.0.0.99, and we assign numbers to our # ppp clients between 10.0.0.100 and 10.0.0.199. It is possible to # override the dynamic IP number with a static IP number specified in # ppp.secret. # # Ppp is launched with: # # ppp -direct server # server: enable chap chap80 chap81 pap passwdauth enable proxy set ifaddr 10.0.0.1 10.0.0.100-10.0.0.199 accept dns # Example of a RADIUS configuration: # If there are one or more radius servers available, we can use them # instead of the ppp.secret file. Simply put then in a radius # configuration file (usually /etc/radius.conf) and give ppp the # file name. # Ppp will use the FRAMED characteristics supplied by the radius server # to configure the link. radius-server: load server # load in the server config from above set radius /etc/radius.conf # Example to connect using a null-modem cable: # The important thing here is to allow the lqr packets on both sides. # Without them enabled, we can't tell if the line's dropped - there # should always be carrier on a direct connection. # Here, the server sends lqr's every 10 seconds and quits if five in a # row fail. # # Make sure you don't have "deny lqr" in your default: on the client ! # If the peer denies LQR, we still send ECHO LQR packets at the given # lqrperiod interval (ppp-style-pings). # direct-client: set dial - set device /dev/cuad0 + set device /dev/cuau0 set sp 115200 set timeout 900 set lqrperiod 10 set log Phase Chat LQM set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp HELLO" set ifaddr 10.0.4.2 10.0.4.1 enable lqr echo accept lqr direct-server: set timeout 0 set lqrperiod 10 set log Phase LQM set ifaddr 10.0.4.1 10.0.4.2 enable lqr echo accept lqr # Example to connect via compuserve # Compuserve insists on 7 bits even parity during the chat phase. Modem # parity is always reset to ``none'' after the link has been established. # compuserve: set phone 1234567 set parity even set login "TIMEOUT 100 \"\" \"\" Name: CIS ID: 999999,9999/go:pppconnect \ word: XXXXXXXX PPP" set timeout 300 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 delete ALL add default HISADDR # Example for PPP over TCP. # We assume that inetd on tcpsrv.mynet has been # configured to run "ppp -direct tcp-server" when it gets a connection on # port 1234 with an entry something like this in /etc/inetd.conf.: # # ppp stream tcp nowait root /usr/sbin/ppp ppp -direct tcp-server # # with this in /etc/services: # # ppp 6671/tcp # # Read the man page for further details. # # Note, we assume we're using a binary-clean connection. If something # such as `rlogin' is involved, you may need to ``set escape 0xff'' # tcp-client: set device tcpsrv.mynet:1234 set dial set login set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0 tcp-server: set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0 # Using UDP is also possible with this in /etc/inetd.conf: # # ppp dgram udp wait root /usr/sbin/ppp ppp -direct udp-server # # and this in /etc/services: # # ppp 6671/tcp # udp-client: set device udpsrv.mynet:1234/udp set dial set login set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0 udp-server: set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0 # Example for PPP testing. # If you want to test ppp, do it through the loopback interface: # # Requires a line in /etc/services: # ppploop 6671/tcp # loopback ppp daemon # # and a line in /etc/inetd.conf: # ppploop stream tcp nowait root /usr/sbin/ppp ppp -direct inet-loop-in # inet-loop: set timeout 0 set log phase chat connect lcp ipcp command set device localhost:ppploop set dial set login set ifaddr 127.0.0.2 127.0.0.3 set server /var/run/ppp/loop "" 0177 inet-loop-in: set timeout 0 set log phase lcp ipcp command allow mode direct # Example of a VPN. # If you're going to create a tunnel through a public network, your VPN # should be set up something like this: # # You should already have set up ssh using ssh-agent & ssh-add. # sloop: load inet-loop # Passive mode allows ssh plenty of time to establish the connection set openmode passive set device "!ssh whatevermachine /usr/sbin/ppp -direct inet-loop-in" # or a better VPN solution (which doesn't run IP over a reliable # protocol like tcp) may be: # vpn-client: set device udpsrv.mynet:1234/udp # PPP over UDP set dial set login set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0 disable deflate pred1 deny deflate pred1 enable MPPE # With encryption accept MPPE vpn-server: set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0 disable deflate pred1 deny deflate pred1 enable MPPE accept MPPE enable chap81 # Required for MPPE # Example of non-PPP callback. # If you wish to connect to a server that will dial back *without* using # the ppp callback facility (rfc1570), take advantage of the fact that # ppp doesn't look for carrier 'till `set login' is complete: # # Here, we expect the server to say DIALBACK then disconnect after # we've authenticated ourselves. When this has happened, we wait # 60 seconds for a RING. # # Note, it's important that we tell ppp not to expect carrier, otherwise # we'll drop out at the ``NO CARRIER'' stage. # dialback: set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATZ OK-ATZ-OK \ ATDT\\T TIMEOUT 60 CONNECT" set cd off set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp TIMEOUT 15 DIALBACK \ \"\" NO\\sCARRIER \"\" TIMEOUT 60 RING ATA CONNECT" # Example of PPP callback. # Alternatively, if the peer is using the PPP callback protocol, we're # happy either with ``auth'' style callback where the server dials us # back based on what we authenticate ourselves with, ``cbcp'' style # callback (invented by Microsoft but not agreed by the IETF) where # we negotiate callback *after* authentication or E.164 callback where # we specify only a phone number. I would recommend only ``auth'' and/or # ``cbcp'' callback methods. # For ``cbcp'', we insist that we choose ``1234567'' as the number that # the server must call back. # callback: load pmdemand # load in the pmdemand config set callback auth cbcp e.164 1234567 set cbcp 1234567 # If we're running a ppp server that wants to only call back microsoft # clients on numbers configured in /etc/ppp/ppp.secret (the 5th field): # callback-server: load server set callback cbcp set cbcp set log +cbcp set redial 3 1 - set device /dev/cuad0 + set device /dev/cuau0 set speed 115200 set dial "TIMEOUT 10 \"\" AT OK-AT-OK ATDT\\T CONNECT" # Or if we want to allow authenticated clients to specify their own # callback number: # callback-server-client-decides: load callback-server set cbcp * # Multilink mode is available (rfc1990). # To enable multi-link capabilities, you must specify a MRRU. 1500 is # a reasonable value. To create new links, use the ``clone'' command # to duplicate an existing link. If you already have more than one # link, you must specify which link you wish to run the command on via # the ``link'' command. # # It's worth increasing your MTU and MRU slightly in multi-link mode to # prevent full packets from being fragmented. # # You can now ``dial'' specific links, or even dial all links at the # same time. The `dial' command may also be prefixed with a specific # link that should do the dialing. # mloop: load loop - set device /dev/cuad0 /dev/cuad1 /dev/cuad2 # Use any of these devices + set device /dev/cuau0 /dev/cuau1 /dev/cuau2 # Use any of these devices set mode interactive set mrru 1500 set mru 1504 # Room for the MP header clone 1 2 3 link deflink remove # dial # link 2 dial # link 3 dial mloop-in: set timeout 0 # No idle timer set log tun phase allow mode direct set mrru 1500 set mru 1504 # Room for the MP header # User supplied authentication: # It's possible to run ppp in the background while specifying a # program to use to obtain authentication details on demand. # This program would usually be a simple GUI that presents a # prompt to a known user. The ``chap-auth'' program is supplied # as an example (and requires tcl version 8.0). # CHAPprompt: load PAPorCHAPpmdemand set authkey !/usr/share/examples/ppp/chap-auth # It's possible to do the same sort of thing at the login prompt. # Here, after sending ``brian'' in response to the ``name'' prompt, # we're prompted with ``code:''. A window is then displayed on the # ``keep:0.0'' display and the typed response is sent to the peer # as the password. We then expect to see ``MTU'' and ``.'' in the # servers response. # loginprompt: load pmdemand set authname "brian" set login "ABORT NO\\sCARRIER TIMEOUT 15 \"\" \"\" name:--name: \\U \ code: \"!/usr/share/examples/ppp/login-auth -display keep:0.0 \ AUTHNAME\" MTU \\c ." # ppp supports ppp over ethernet (PPPoE). Beware, many PPP servers cache # the MAC address that connects to them, making it impossible to switch # your PPPoE connection between machines. # # The current implementation requires Netgraph, so it doesn't work with # OpenBSD or NetBSD. # # The client should be something like this: # pppoe: set device PPPoE:de0:pppoe-in enable lqr echo set cd 5 set dial set login set redial 0 0 # And the server should be running # # /usr/libexec/pppoed -p pppoe-in fxp0 # # See rc.conf(5) # pppoe-in: allow mode direct # Only for use on server-side enable lqr echo proxy # Enable LQR and proxy-arp enable chap pap passwdauth # Force client authentication set ifaddr 10.0.0.1 10.0.0.100-10.0.0.199 # Hand out up to 100 IP numbers accept dns # Allow DNS negotiation # It's possible to run ppp back-to-back with itself. This is useful # for testing. # # When testing scalability and concurrency, the following profile might # be used. # # Note, you'll have to make some other machine adjustments: # # o Bump maxusers in your kernel configuration to about 256 so that there # are enough process table slots. # o Bump system file descriptors with ``sysctl kern.maxfiles=20480''. You'll # need 3 descriptors per ppp process (assuming no server socket). # # You can now create 2000 processes (1000 pairs) with: # # n=0 # while [ $n -lt 1000 ]; do ppp -b loop; n=$(($n + 1)); done # # If you want to test concurrency, try using ``ppp -dd loop'' instead. # loop: set timeout 0 set log set device "!ppp -direct loop-in" set dial set login set ifaddr 10.0.1.1/0 10.0.10.1-10.0.19.255 disable deflate pred1 mppe deny deflate pred1 mppe loop-in: set timeout 0 set log allow mode direct set ifaddr 10.0.10.1/0 10.0.1.1-10.0.9.255 disable deflate pred1 mppe deny deflate pred1 mppe Index: head/share/examples/ppp/ppp.conf.span-isp =================================================================== --- head/share/examples/ppp/ppp.conf.span-isp (revision 244039) +++ head/share/examples/ppp/ppp.conf.span-isp (revision 244040) @@ -1,194 +1,194 @@ # $FreeBSD$ # This advanced ppp configuration file explains how to implement # the following: # # ------------- ------------- ------------- # | host1 | | host2 | | host3 | # ------------- ------------- ------------- # | | | # |---------------------- LAN ----------------------| # | # ------------- # | Gateway | # ------------- # | # ----------------------------------- # | | | | # isp1 isp2 isp3 ispN # | | | | # ----------------------------------- # | # ------------ # | Receiver | # ------------ # | # Internet # # The connection is implemented so that any ISP connection can go down # without loss of connectivity between the LAN and the Internet. It is # of course also possible to shut down any link manually. # # There is a working example in ppp.*.span-isp.working that can be tested # on a single machine ! # # # Prerequisites: # # o The Receiver machine must be in the outside world and must be willing # to accept a multilink ppp connection over UDP, assigning a routable IP # number to the Gateway machine. This probably means that it must be # a *BSD box as I know of no other ppp implementations that can use UDP # as a transport. # # o The Receiver machine must be multi-homed with at least N+1 addresses # where N is the maximun number of ISPs that you wish to use # simultaneously. We assume the IP numbers to be RIP1, RIP2 ... RIPN. # REAL-LOCAL-IP is the real IP number of the Receiver machine (and must # not be the same as any of the RIP* numbers). # # o Both the Gateway and the Receiver machines must have several tun # interfaces configured into the kernel (see below). # # o Both the Gateway and the Receiver machines must have the following # entry in /etc/services: # # ppp 6671/udp # # The port number isn't important, but it must be consistent across # machines. # # o The Receiver machine must have the following entry in # /etc/inetd.conf: # # ppp dgram udp wait root /usr/sbin/ppp ppp -direct vpn-in # # Note: Because inetd ``wait''s for ppp to finish, a single ppp # invocation receives all incoming packets. This creates # havoc with LQR magic number checks, so LQR *must not* be # enabled. # Also, -direct invocations of ppp do sendto()s using the # address that was last recvfrom()d. This means that the # returning traffic is a bit unbalanced. Perhaps ppp should # be smart enough to automatically clone an existing link # when it detects a new incoming address.... tricky ! # # If you use ppp to connect to your ISPs, the isp* profiles shold be used, # resulting in the vpn* profiles being called from ppp.linkup.span-isp. # These invocations will bond together into a MP ppp invocation. # # If the link to your ISP is via another type of interface (cable modem # etc), simply configure the interface with a netmask of 0xffffffff and # add a route to RIPN via the interface address (no default). You can # then start ppp using the vpn-nic label. # # The Receiver machine should have N tun interfaces (where N is the maximum # number of ISPs that you wish to use simultaneously). The Gateway machine # requires N interfaces plus an additional N interfaces (total 2 * N) if # you're using ppp to talk to the ISPs. # Using ppp to connect to your ISPs (PPP over UDP over PPP): # # When we connect to our ISPs using ppp, we start the MP ppp invocation # from ppp.linkup (see ppp.linkup.span-isp) for each link. We also remove # the link from ppp.linkdown (see ppp.linkdown.span-isp). This is necessary # because relying on our LQR strategy (dropping the link after 5 missing # replies) is just too slow to be practical in this environment. # # This works because the MP invocations are smart enough to recognise that # another process is already running and to pass the link over to that # running version. # # Only the ISP links should be started manually. When they come up, they'll # start the MP invocation. default: set speed 115200 - set device /dev/cuad0 /dev/cuad1 /dev/cuad2 /dev/cuad3 + set device /dev/cuau0 /dev/cuau1 /dev/cuau2 /dev/cuau3 set dial "ABORT BUSY ABORT NO\\sCARRIER ABORT NO\\sDIAL\\sTONE TIMEOUT 4 \ \"\" ATZ OK-ATZ-OK ATDT\\T TIMEOUT 60 CONNECT \\c \\n" set login set redial 3 5 set timeout 0 enable lqr echo set lqrperiod 15 isp1: set phone "1234567" set authname "isp1name" set authkey "isp1key" add! RIP1/32 HISADDR isp2: set phone "2345678" set authname "isp2name" set authkey "isp2key" add! RIP2/32 HISADDR ispN: set phone "3456789" set authname "ispNname" set authkey "ispNkey" add! RIPN/32 HISADDR # Our MP version of ppp. vpn is a generic label used by each of the # other vpn invocations by envoking ppp with both labels (see # ppp.linkup.span-isp). # Each ``set device'' command tells ppp to use UDP packets destined for # the given IP/port as the link (transport). The routing table will # ensure that these UDP packets use the correct ISP connection. vpn: set enddisc LABEL set speed sync set mrru 1500 set mru 1504 # Room for the MP header nat enable yes set authname "vpnname" set authkey "vpnkey" add! default HISADDR disable deflate pred1 lqr deny deflate pred1 vpn1: rename 1 set device RIP1:ppp/udp vpn2: rename 2 set device RIP2:ppp/udp vpnN: rename N set device RIPN:ppp/udp vpn-nic: load vpn clone 1 2 N link deflink rm link 1 set device RIP1:ppp/udp link 2 set device RIP2:ppp/udp link N set device RIPN:ppp/udp # The Receiver profile is a bit more straight forward, as it doesn't need # to get bogged down with sublinks. Replace REAL-ASSIGNED-IP with the # IP number to be assigned to the Gateway machine. Replace REAL-LOCAL-IP # with the real IP number of the Receiver machine. # # No other entries are required on the Receiver machine, and this entry # is not required on the Gateway machine. The Receiver machine also # requires the contents of ppp.secret.span-isp. # # Of course it's simple to assign an IP block to the client with a simple # ``add'' command, and then have the client use those IP numbers on its # LAN rather than using ``nat enable yes''. vpn-in: set enddisc label set speed sync set mrru 1500 set mru 1504 # Room for the MP header enable chap disable lqr set ifaddr REAL-LOCAL-IP REAL-ASSIGNED-IP Index: head/share/man/man4/gdb.4 =================================================================== --- head/share/man/man4/gdb.4 (revision 244039) +++ head/share/man/man4/gdb.4 (revision 244040) @@ -1,603 +1,603 @@ .\" Copyright (c) 2003 Greg Lehey .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd February 8, 2005 .Dt GDB 4 .Os .Sh NAME .Nm gdb .Nd external kernel debugger .Sh SYNOPSIS .Cd "makeoptions DEBUG=-g" .Cd "options DDB" .Sh DESCRIPTION The .Nm kernel debugger is a variation of .Xr gdb 1 which understands some aspects of the .Fx kernel environment. It can be used in a number of ways: .Bl -bullet .It It can be used to examine the memory of the processor on which it runs. .It It can be used to analyse a processor dump after a panic. .It It can be used to debug another system interactively via a serial or firewire link. In this mode, the processor can be stopped and single stepped. .It With a firewire link, it can be used to examine the memory of a remote system without the participation of that system. In this mode, the processor cannot be stopped and single stepped, but it can be of use when the remote system has crashed and is no longer responding. .El .Pp When used for remote debugging, .Nm requires the presence of the .Xr ddb 4 kernel debugger. Commands exist to switch between .Nm and .Xr ddb 4 . .Sh PREPARING FOR DEBUGGING When debugging kernels, it is practically essential to have built a kernel with debugging symbols .Pq Cd "makeoptions DEBUG=-g" . It is easiest to perform operations from the kernel build directory, by default .Pa /usr/obj/usr/src/sys/GENERIC . .Pp First, ensure you have a copy of the debug macros in the directory: .Pp .Dl "make gdbinit" .Pp This command performs some transformations on the macros installed in .Pa /usr/src/tools/debugscripts to adapt them to the local environment. .Ss "Inspecting the environment of the local machine" To look at and change the contents of the memory of the system you are running on, .Pp .Dl "gdb -k -wcore kernel.debug /dev/mem" .Pp In this mode, you need the .Fl k flag to indicate to .Xr gdb 1 that the .Dq "dump file" .Pa /dev/mem is a kernel data file. You can look at live data, and if you include the .Fl wcore option, you can change it at your peril. The system does not stop (obviously), so a number of things will not work. You can set breakpoints, but you cannot .Dq continue execution, so they will not work. .Ss "Debugging a crash dump" By default, crash dumps are stored in the directory .Pa /var/crash . Investigate them from the kernel build directory with: .Pp .Dl "gdb -k kernel.debug /var/crash/vmcore.29" .Pp In this mode, the system is obviously stopped, so you can only look at it. .Ss "Debugging a live system with a remote link" In the following discussion, the term .Dq "local system" refers to the system running the debugger, and .Dq "remote system" refers to the live system being debugged. .Pp To debug a live system with a remote link, the kernel must be compiled with the option .Cd "options DDB" . The option .Cd "options BREAK_TO_DEBUGGER" enables the debugging machine stop the debugged machine once a connection has been established by pressing .Ql ^C . .Ss "Debugging a live system with a remote serial link" When using a serial port for the remote link on the i386 platform, the serial port must be identified by setting the flag bit .Li 0x80 for the specified interface. Generally, this port will also be used as a serial console (flag bit .Li 0x10 ) , so the entry in .Pa /boot/device.hints should be: .Pp .Dl hint.sio.0.flags="0x90" .Ss "Debugging a live system with a remote firewire link" As with serial debugging, to debug a live system with a firewire link, the kernel must be compiled with the option .Cd "options DDB" . .Pp A number of steps must be performed to set up a firewire link: .Bl -bullet .It Ensure that both systems have .Xr firewire 4 support, and that the kernel of the remote system includes the .Xr dcons 4 and .Xr dcons_crom 4 drivers. If they are not compiled into the kernel, load the KLDs: .Pp .Dl "kldload firewire" .Pp On the remote system only: .Bd -literal -offset indent kldload dcons kldload dcons_crom .Ed .Pp You should see something like this in the .Xr dmesg 8 output of the remote system: .Bd -literal -offset indent fwohci0: BUS reset fwohci0: node_id=0x8800ffc0, gen=2, non CYCLEMASTER mode firewire0: 2 nodes, maxhop <= 1, cable IRM = 1 firewire0: bus manager 1 firewire0: New S400 device ID:00c04f3226e88061 dcons_crom0: on firewire0 dcons_crom0: bus_addr 0x22a000 .Ed .Pp It is a good idea to load these modules at boot time with the following entry in .Pa /boot/loader.conf : .Pp .Dl dcons_crom_enable="YES" .Pp This ensures that all three modules are loaded. There is no harm in loading .Xr dcons 4 and .Xr dcons_crom 4 on the local system, but if you only want to load the .Xr firewire 4 module, include the following in .Pa /boot/loader.conf : .Pp .Dl firewire_enable="YES" .It Next, use .Xr fwcontrol 8 to find the firewire node corresponding to the remote machine. On the local machine you might see: .Bd -literal -offset indent # fwcontrol 2 devices (info_len=2) node EUI64 status 1 0x00c04f3226e88061 0 0 0x000199000003622b 1 .Ed .Pp The first node is always the local system, so in this case, node 0 is the remote system. If there are more than two systems, check from the other end to find which node corresponds to the remote system. On the remote machine, it looks like this: .Bd -literal -offset indent # fwcontrol 2 devices (info_len=2) node EUI64 status 0 0x000199000003622b 0 1 0x00c04f3226e88061 1 .Ed .It Next, establish a firewire connection with .Xr dconschat 8 : .Pp .Dl "dconschat -br -G 5556 -t 0x000199000003622b" .Pp .Li 0x000199000003622b is the EUI64 address of the remote node, as determined from the output of .Xr fwcontrol 8 above. When started in this manner, .Xr dconschat 8 establishes a local tunnel connection from port .Li localhost:5556 to the remote debugger. You can also establish a console port connection with the .Fl C option to the same invocation .Xr dconschat 8 . See the .Xr dconschat 8 manpage for further details. .Pp The .Xr dconschat 8 utility does not return control to the user. It displays error messages and console output for the remote system, so it is a good idea to start it in its own window. .It Finally, establish connection: .Bd -literal -offset indent # gdb kernel.debug GNU gdb 5.2.1 (FreeBSD) .Em "(political statements omitted)" Ready to go. Enter 'tr' to connect to the remote target -with /dev/cuad0, 'tr /dev/cuad1' to connect to a different port +with /dev/cuau0, 'tr /dev/cuau1' to connect to a different port or 'trf portno' to connect to the remote target with the firewire interface. portno defaults to 5556. Type 'getsyms' after connection to load kld symbols. If you are debugging a local system, you can use 'kldsyms' instead to load the kld symbols. That is a less obnoxious interface. (gdb) trf 0xc21bd378 in ?? () .Ed .Pp The .Ic trf macro assumes a connection on port 5556. If you want to use a different port (by changing the invocation of .Xr dconschat 8 above), use the .Ic tr macro instead. For example, if you want to use port 4711, run .Xr dconschat 8 like this: .Pp .Dl "dconschat -br -G 4711 -t 0x000199000003622b" .Pp Then establish connection with: .Bd -literal -offset indent (gdb) tr localhost:4711 0xc21bd378 in ?? () .Ed .El .Ss "Non-cooperative debugging a live system with a remote firewire link" In addition to the conventional debugging via firewire described in the previous section, it is possible to debug a remote system without its cooperation, once an initial connection has been established. This corresponds to debugging a local machine using .Pa /dev/mem . It can be very useful if a system crashes and the debugger no longer responds. To use this method, set the .Xr sysctl 8 variables .Va hw.firewire.fwmem.eui64_hi and .Va hw.firewire.fwmem.eui64_lo to the upper and lower halves of the EUI64 ID of the remote system, respectively. From the previous example, the remote machine shows: .Bd -literal -offset indent # fwcontrol 2 devices (info_len=2) node EUI64 status 0 0x000199000003622b 0 1 0x00c04f3226e88061 1 .Ed .Pp Enter: .Bd -literal -offset indent # sysctl -w hw.firewire.fwmem.eui64_hi=0x00019900 hw.firewire.fwmem.eui64_hi: 0 -> 104704 # sysctl -w hw.firewire.fwmem.eui64_lo=0x0003622b hw.firewire.fwmem.eui64_lo: 0 -> 221739 .Ed .Pp Note that the variables must be explicitly stated in hexadecimal. After this, you can examine the remote machine's state with the following input: .Bd -literal -offset indent # gdb -k kernel.debug /dev/fwmem0.0 GNU gdb 5.2.1 (FreeBSD) .Em "(messages omitted)" Reading symbols from /boot/kernel/dcons.ko...done. Loaded symbols for /boot/kernel/dcons.ko Reading symbols from /boot/kernel/dcons_crom.ko...done. Loaded symbols for /boot/kernel/dcons_crom.ko #0 sched_switch (td=0xc0922fe0) at /usr/src/sys/kern/sched_4bsd.c:621 0xc21bd378 in ?? () .Ed .Pp In this case, it is not necessary to load the symbols explicitly. The remote system continues to run. .Sh COMMANDS The user interface to .Nm is via .Xr gdb 1 , so .Xr gdb 1 commands also work. This section discusses only the extensions for kernel debugging that get installed in the kernel build directory. .Ss "Debugging environment" The following macros manipulate the debugging environment: .Bl -tag -width indent .It Ic ddb Switch back to .Xr ddb 4 . This command is only meaningful when performing remote debugging. .It Ic getsyms Display .Ic kldstat information for the target machine and invite user to paste it back in. This is required because .Nm does not allow data to be passed to shell scripts. It is necessary for remote debugging and crash dumps; for local memory debugging use .Ic kldsyms instead. .It Ic kldsyms Read in the symbol tables for the debugging machine. This does not work for remote debugging and crash dumps; use .Ic getsyms instead. .It Ic tr Ar interface Debug a remote system via the specified serial or firewire interface. .It Ic tr0 Debug a remote system via serial interface -.Pa /dev/cuad0 . +.Pa /dev/cuau0 . .It Ic tr1 Debug a remote system via serial interface -.Pa /dev/cuad1 . +.Pa /dev/cuau1 . .It Ic trf Debug a remote system via firewire interface at default port 5556. .El .Pp The commands .Ic tr0 , tr1 and .Ic trf are convenience commands which invoke .Ic tr . .Ss "The current process environment" The following macros are convenience functions intended to make things easier than the standard .Xr gdb 1 commands. .Bl -tag -width indent .It Ic f0 Select stack frame 0 and show assembler-level details. .It Ic f1 Select stack frame 1 and show assembler-level details. .It Ic f2 Select stack frame 2 and show assembler-level details. .It Ic f3 Select stack frame 3 and show assembler-level details. .It Ic f4 Select stack frame 4 and show assembler-level details. .It Ic f5 Select stack frame 5 and show assembler-level details. .It Ic xb Show 12 words in hex, starting at current .Va ebp value. .It Ic xi List the next 10 instructions from the current .Va eip value. .It Ic xp Show the register contents and the first four parameters of the current stack frame. .It Ic xp0 Show the first parameter of current stack frame in various formats. .It Ic xp1 Show the second parameter of current stack frame in various formats. .It Ic xp2 Show the third parameter of current stack frame in various formats. .It Ic xp3 Show the fourth parameter of current stack frame in various formats. .It Ic xp4 Show the fifth parameter of current stack frame in various formats. .It Ic xs Show the last 12 words on stack in hexadecimal. .It Ic xxp Show the register contents and the first ten parameters. .It Ic z Single step 1 instruction (over calls) and show next instruction. .It Ic zs Single step 1 instruction (through calls) and show next instruction. .El .Ss "Examining other processes" The following macros access other processes. The .Nm debugger does not understand the concept of multiple processes, so they effectively bypass the entire .Nm environment. .Bl -tag -width indent .It Ic btp Ar pid Show a backtrace for the process .Ar pid . .It Ic btpa Show backtraces for all processes in the system. .It Ic btpp Show a backtrace for the process previously selected with .Ic defproc . .It Ic btr Ar ebp Show a backtrace from the .Ar ebp address specified. .It Ic defproc Ar pid Specify the PID of the process for some other commands in this section. .It Ic fr Ar frame Show frame .Ar frame of the stack of the process previously selected with .Ic defproc . .It Ic pcb Ar proc Show some PCB contents of the process .Ar proc . .El .Ss "Examining data structures" You can use standard .Xr gdb 1 commands to look at most data structures. The macros in this section are convenience functions which typically display the data in a more readable format, or which omit less interesting parts of the structure. .Bl -tag -width indent .It Ic bp Show information about the buffer header pointed to by the variable .Va bp in the current frame. .It Ic bpd Show the contents .Pq Vt "char *" of .Va bp->data in the current frame. .It Ic bpl Show detailed information about the buffer header .Pq Vt "struct bp" pointed at by the local variable .Va bp . .It Ic bpp Ar bp Show summary information about the buffer header .Pq Vt "struct bp" pointed at by the parameter .Ar bp . .It Ic bx Print a number of fields from the buffer header pointed at in by the pointer .Ar bp in the current environment. .It Ic vdev Show some information of the .Vt vnode pointed to by the local variable .Va vp . .El .Ss "Miscellaneous macros" .Bl -tag -width indent .It Ic checkmem Check unallocated memory for modifications. This assumes that the kernel has been compiled with .Cd "options DIAGNOSTIC" . This causes the contents of free memory to be set to .Li 0xdeadc0de . .It Ic dmesg Print the system message buffer. This corresponds to the .Xr dmesg 8 utility. This macro used to be called .Ic msgbuf . It can take a very long time over a serial line, and it is even slower via firewire or local memory due to inefficiencies in .Nm . When debugging a crash dump or over firewire, it is not necessary to start .Nm to access the message buffer: instead, use an appropriate variation of .Bd -literal -offset indent dmesg -M /var/crash/vmcore.0 -N kernel.debug dmesg -M /dev/fwmem0.0 -N kernel.debug .Ed .It Ic kldstat Equivalent of the .Xr kldstat 8 utility without options. .It Ic pname Print the command name of the current process. .It Ic ps Show process status. This corresponds in concept, but not in appearance, to the .Xr ps 1 utility. When debugging a crash dump or over firewire, it is not necessary to start .Nm to display the .Xr ps 1 output: instead, use an appropriate variation of .Bd -literal -offset indent ps -M /var/crash/vmcore.0 -N kernel.debug ps -M /dev/fwmem0.0 -N kernel.debug .Ed .It Ic y Kludge for writing macros. When writing macros, it is convenient to paste them back into the .Nm window. Unfortunately, if the macro is already defined, .Nm insists on asking .Pp .Dl "Redefine foo?" .Pp It will not give up until you answer .Ql y . This command is that answer. It does nothing else except to print a warning message to remind you to remove it again. .El .Sh SEE ALSO .Xr gdb 1 , .Xr ps 1 , .Xr ddb 4 , .Xr firewire 4 , .Xr dconschat 8 , .Xr dmesg 8 , .Xr fwcontrol 8 , .Xr kldload 8 .Sh AUTHORS This man page was written by .An "Greg Lehey" Aq grog@FreeBSD.org . .Sh BUGS The .Xr gdb 1 debugger was never designed to debug kernels, and it is not a very good match. Many problems exist. .Pp The .Nm implementation is very inefficient, and many operations are slow. .Pp Serial debugging is even slower, and race conditions can make it difficult to run the link at more than 9600 bps. Firewire connections do not have this problem. .Pp The debugging macros .Dq "just grown" . In general, the person who wrote them did so while looking for a specific problem, so they may not be general enough, and they may behave badly when used in ways for which they were not intended, even if those ways make sense. .Pp Many of these commands only work on the ia32 architecture. Index: head/share/man/man4/mouse.4 =================================================================== --- head/share/man/man4/mouse.4 (revision 244039) +++ head/share/man/man4/mouse.4 (revision 244040) @@ -1,403 +1,403 @@ .\" .\" Copyright (c) 1997 .\" Kazutaka YOKOTA .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer as .\" the first lines of this file unmodified. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd December 3, 1997 .Dt MOUSE 4 .Os .Sh NAME .Nm mouse .Nd mouse and pointing device drivers .Sh SYNOPSIS .In sys/mouse.h .Sh DESCRIPTION The mouse drivers .Xr mse 4 , .Xr psm 4 , .Xr ums 4 and .Xr sysmouse 4 provide user programs with movement and button state information of the mouse. Currently there are specific device drivers for bus, InPort, PS/2, and USB mice. The serial mouse is not directly supported by a dedicated driver, but it is accessible via the serial device driver or via .Xr moused 8 and .Xr sysmouse 4 . .Pp The user program simply opens a mouse device with a .Xr open 2 call and reads mouse data from the device via .Xr read 2 . Movement and button states are usually encoded in fixed-length data packets. Some mouse devices may send data in variable length of packets. Actual protocol (data format) used by each driver differs widely. .Pp The mouse drivers may have ``non-blocking'' attribute which will make the driver return immediately if mouse data is not available. .Pp Mouse device drivers often offer several levels of operation. The current operation level can be examined and changed via .Xr ioctl 2 commands. The level zero is the lowest level at which the driver offers the basic service to user programs. Most drivers provide horizontal and vertical movement of the mouse and state of up to three buttons at this level. At the level one, if supported by the driver, mouse data is encoded in the standard format .Dv MOUSE_PROTO_SYSMOUSE as follows: .Pp .Bl -tag -width Byte_1 -compact .It Byte 1 .Bl -tag -width bit_7 -compact .It bit 7 Always one. .It bit 6..3 Always zero. .It bit 2 Left button status; cleared if pressed, otherwise set. .It bit 1 Middle button status; cleared if pressed, otherwise set. Always one, if the device does not have the middle button. .It bit 0 Right button status; cleared if pressed, otherwise set. .El .It Byte 2 The first half of horizontal movement count in two's complement; -128 through 127. .It Byte 3 The first half of vertical movement count in two's complement; -128 through 127. .It Byte 4 The second half of the horizontal movement count in two's complement; -128 through 127. To obtain the full horizontal movement count, add the byte 2 and 4. .It Byte 5 The second half of the vertical movement count in two's complement; -128 through 127. To obtain the full vertical movement count, add the byte 3 and 5. .It Byte 6 The bit 7 is always zero. The lower 7 bits encode the first half of Z axis movement count in two's complement; -64 through 63. .It Byte 7 The bit 7 is always zero. The lower 7 bits encode the second half of the Z axis movement count in two's complement; -64 through 63. To obtain the full Z axis movement count, add the byte 6 and 7. .It Byte 8 The bit 7 is always zero. The bits 0 through 6 reflect the state of the buttons 4 through 10. If a button is pressed, the corresponding bit is cleared. Otherwise the bit is set. .El .Pp The first 5 bytes of this format is compatible with the MouseSystems format. The additional 3 bytes have their MSBs always set to zero. Thus, if the user program can interpret the MouseSystems data format and tries to find the first byte of the format by detecting the bit pattern 10000xxxb, it will discard the additional bytes, thus, be able to decode x, y and states of 3 buttons correctly. .Pp Device drivers may offer operation levels higher than one. Refer to manual pages of individual drivers for details. .Sh IOCTLS The following .Xr ioctl 2 commands are defined for the mouse drivers. The degree of support varies from one driver to another. This section gives general description of the commands. Refer to manual pages of individual drivers for specific details. .Pp .Bl -tag -width MOUSE -compact .It Dv MOUSE_GETLEVEL Ar int *level .It Dv MOUSE_SETLEVEL Ar int *level These commands manipulate the operation level of the mouse driver. .Pp .It Dv MOUSE_GETHWINFO Ar mousehw_t *hw Returns the hardware information of the attached device in the following Except for the .Dv iftype field, the device driver may not always fill the structure with correct values. Consult manual pages of individual drivers for details of support. .Bd -literal typedef struct mousehw { int buttons; /* number of buttons */ int iftype; /* I/F type */ int type; /* mouse/track ball/pad... */ int model; /* I/F dependent model ID */ int hwid; /* I/F dependent hardware ID */ } mousehw_t; .Ed .Pp The .Dv buttons field holds the number of buttons detected by the driver. The driver may put an arbitrary value, such as two, in this field, if it cannot determine the exact number. .Pp The .Dv iftype is the type of interface: .Dv MOUSE_IF_SERIAL , .Dv MOUSE_IF_BUS , .Dv MOUSE_IF_INPORT , .Dv MOUSE_IF_PS2 , .Dv MOUSE_IF_USB , .Dv MOUSE_IF_SYSMOUSE or .Dv MOUSE_IF_UNKNOWN . .Pp The .Dv type tells the device type: .Dv MOUSE_MOUSE , .Dv MOUSE_TRACKBALL , .Dv MOUSE_STICK , .Dv MOUSE_PAD , or .Dv MOUSE_UNKNOWN . .Pp The .Dv model may be .Dv MOUSE_MODEL_GENERIC or one of .Dv MOUSE_MODEL_XXX constants. .Pp The .Dv hwid is the ID value returned by the pointing device. It depend on the interface type; refer to the manual page of specific mouse drivers for possible values. .Pp .It Dv MOUSE_GETMODE Ar mousemode_t *mode The command reports the current operation parameters of the mouse driver. .Bd -literal typedef struct mousemode { int protocol; /* MOUSE_PROTO_XXX */ int rate; /* report rate (per sec) */ int resolution; /* MOUSE_RES_XXX, -1 if unknown */ int accelfactor; /* acceleration factor */ int level; /* driver operation level */ int packetsize; /* the length of the data packet */ unsigned char syncmask[2]; /* sync. bits */ } mousemode_t; .Ed .Pp The .Dv protocol field tells the format in which the device status is returned when the mouse data is read by the user program. It is one of .Dv MOUSE_PROTO_XXX constants. .Pp The .Dv rate field is the status report rate (reports/sec) at which the device will send movement reports to the host computer. -1 if unknown or not applicable. .Pp The .Dv resolution field holds a value specifying resolution of the pointing device. It is a positive value or one of .Dv MOUSE_RES_XXX constants. .Pp The .Dv accelfactor field holds a value to control acceleration feature. It must be zero or greater. If it is zero, acceleration is disabled. .Pp The .Dv packetsize field tells the length of the fixed-size data packet or the length of the fixed part of the variable-length packet. The size depends on the interface type, the device type and model, the protocol and the operation level of the driver. .Pp The array .Dv syncmask holds a bit mask and pattern to detect the first byte of the data packet. .Dv syncmask[0] is the bit mask to be ANDed with a byte. If the result is equal to .Dv syncmask[1] , the byte is likely to be the first byte of the data packet. Note that this method of detecting the first byte is not 100% reliable, thus, should be taken only as an advisory measure. .Pp .It Dv MOUSE_SETMODE Ar mousemode_t *mode The command changes the current operation parameters of the mouse driver as specified in .Ar mode . Only .Dv rate , .Dv resolution , .Dv level and .Dv accelfactor may be modifiable. Setting values in the other field does not generate error and has no effect. .Pp If you do not want to change the current setting of a field, put -1 there. You may also put zero in .Dv resolution and .Dv rate , and the default value for the fields will be selected. .\" .Pp .\" .It Dv MOUSE_GETVARS Ar mousevar_t *vars .\" Get internal variables of the mouse driver. .\" The variables which can be manipulated through these commands .\" are specific to each driver. .\" This command may not be supported by all drivers. .\" .Bd -literal .\" typedef struct mousevar { .\" int var[16]; /* internal variables */ .\" } mousevar_t; .\" .Ed .\" .Pp .\" If the commands are supported, the first element of the array is .\" filled with a signature value. .\" Apart from the signature data, there is currently no standard concerning .\" the other elements of the buffer. .\" .Pp .\" .It Dv MOUSE_SETVARS Ar mousevar_t *vars .\" Get internal variables of the mouse driver. .\" The first element of the array must be a signature value. .\" This command may not be supported by all drivers. .Pp .It Dv MOUSE_READDATA Ar mousedata_t *data The command reads the raw data from the device. .Bd -literal typedef struct mousedata { int len; /* # of data in the buffer */ int buf[16]; /* data buffer */ } mousedata_t; .Ed .Pp The calling process must fill the .Dv len field with the number of bytes to be read into the buffer. This command may not be supported by all drivers. .Pp .It Dv MOUSE_READSTATE Ar mousedata_t *state The command reads the raw state data from the device. It uses the same structure as above. This command may not be supported by all drivers. .Pp .It Dv MOUSE_GETSTATUS Ar mousestatus_t *status The command returns the current state of buttons and movement counts in the following structure. .Bd -literal typedef struct mousestatus { int flags; /* state change flags */ int button; /* button status */ int obutton; /* previous button status */ int dx; /* x movement */ int dy; /* y movement */ int dz; /* z movement */ } mousestatus_t; .Ed .Pp The .Dv button and .Dv obutton fields hold the current and the previous state of the mouse buttons. When a button is pressed, the corresponding bit is set. The mouse drivers may support up to 31 buttons with the bit 0 through 31. Few button bits are defined as .Dv MOUSE_BUTTON1DOWN through .Dv MOUSE_BUTTON8DOWN . The first three buttons correspond to left, middle and right buttons. .Pp If the state of the button has changed since the last .Dv MOUSE_GETSTATUS call, the corresponding bit in the .Dv flags field will be set. If the mouse has moved since the last call, the .Dv MOUSE_POSCHANGED bit in the .Dv flags field will also be set. .Pp The other fields hold movement counts since the last .Dv MOUSE_GETSTATUS call. The internal counters will be reset after every call to this command. .El .Sh FILES .Bl -tag -width /dev/sysmouseXX -compact -.It Pa /dev/cuad%d +.It Pa /dev/cuau%d serial ports .It Pa /dev/mse%d bus and InPort mouse device .It Pa /dev/psm%d PS/2 mouse device .It Pa /dev/sysmouse virtual mouse device .It Pa /dev/ums%d USB mouse device .El .Sh SEE ALSO .Xr ioctl 2 , .Xr mse 4 , .Xr psm 4 , .Xr sysmouse 4 , .Xr ums 4 , .Xr moused 8 .\".Sh HISTORY .Sh AUTHORS This manual page was written by .An Kazutaka Yokota Aq yokota@FreeBSD.org . Index: head/share/man/man5/rc.conf.5 =================================================================== --- head/share/man/man5/rc.conf.5 (revision 244039) +++ head/share/man/man5/rc.conf.5 (revision 244040) @@ -1,4703 +1,4703 @@ .\" Copyright (c) 1995 .\" Jordan K. Hubbard .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 27, 2012 .Dt RC.CONF 5 .Os .Sh NAME .Nm rc.conf .Nd system configuration information .Sh DESCRIPTION The file .Nm contains descriptive information about the local host name, configuration details for any potential network interfaces and which services should be started up at system initial boot time. In new installations, the .Nm file is generally initialized by the system installation utility, .Xr sysinstall 8 . .Pp The purpose of .Nm is not to run commands or perform system startup actions directly. Instead, it is included by the various generic startup scripts in .Pa /etc which conditionalize their internal actions according to the settings found there. .Pp The .Pa /etc/rc.conf file is included from the file .Pa /etc/defaults/rc.conf , which specifies the default settings for all the available options. Options need only be specified in .Pa /etc/rc.conf when the system administrator wishes to override these defaults. The file .Pa /etc/rc.conf.local is used to override settings in .Pa /etc/rc.conf for historical reasons. In addition to .Pa /etc/rc.conf.local you can also place smaller configuration files for each .Xr rc 8 script in the .Pa /etc/rc.conf.d directory, which will be included by the .Va load_rc_config function. For jail configurations you could use the file .Pa /etc/rc.conf.d/jail to store jail specific configuration options. Also see the .Va rc_conf_files variable below. .Pp Options are set with .Dq Ar name Ns Li = Ns Ar value assignments that use .Xr sh 1 syntax. The following list provides a name and short description for each variable that can be set in the .Nm file: .Bl -tag -width indent-two .It Va rc_debug .Pq Vt bool If set to .Dq Li YES , enable output of debug messages from rc scripts. This variable can be helpful in diagnosing mistakes when editing or integrating new scripts. Beware that this produces copious output to the terminal and .Xr syslog 3 . .It Va rc_info .Pq Vt bool If set to .Dq Li NO , disable informational messages from the rc scripts. Informational messages are displayed when a condition that is not serious enough to warrant a warning or an error occurs. .It Va rc_startmsgs .Pq Vt bool If set to .Dq Li YES , show .Dq Starting foo: when faststart is used (e.g., at boot time). .It Va early_late_divider .Pq Vt str The name of the script that should be used as the delimiter between the .Dq early and .Dq late stages of the boot process. The early stage should contain all the services needed to get the disks (local or remote) mounted so that the late stage can include scripts contained in the directories listed in the .Va local_startup variable (see below). Thus, the two likely candidates for this value are .Pa mountcritlocal for the typical system, and .Pa mountcritremote if the system needs remote file systems mounted to get access to the .Va local_startup directories; for example when .Pa /usr/local is NFS mounted. For .Pa rc.conf within a .Xr jail 8 .Pa NETWORKING is likely to be an appropriate value. Extreme care should be taken when changing this value, and before changing it one should ensure that there are adequate provisions to recover from a failed boot (such as physical contact with the machine, or reliable remote console access). .It Va always_force_depends .Pq Vt bool Various .Pa rc.d scripts use the force_depend function to check whether required services are already running, and to start them if necessary. By default during boot time this check is bypassed if the required service is enabled in .Pa /etc/rc.conf[.local] . Setting this option will bypass that check at boot time and always test whether or not the service is actually running. Enabling this option is likely to increase your boot time if services are enabled that utilize the force_depend check. .It Va swapfile .Pq Vt str If set to .Dq Li NO , no swapfile is installed, otherwise the value is used as the full pathname to a file to use for additional swap space. .It Ao Ar name Ac Ns Va _chroot .Pq Vt str .Xr chroot to this directory before running the service. .It Ao Ar name Ac Ns Va _user .Pq Vt str Run the service under this user account. .It Ao Ar name Ac Ns Va _group .Pq Vt str Run the chrooted service under this system group. Unlike the _user setting, this setting has no effect if the service is not chrooted. .It Ao Ar name Ac Ns Va _fib .Pq Vt int The .Xr setfib 1 value to run the service under. .It Ao Ar name Ac Ns Va _nice .Pq Vt int The .Xr nice 1 value to run the service under. .It Va apm_enable .Pq Vt bool If set to .Dq Li YES , enable support for Automatic Power Management with the .Xr apm 8 command. .It Va apmd_enable .Pq Vt bool Run .Xr apmd 8 to handle APM event from userland. This also enables support for APM. .It Va apmd_flags .Pq Vt str If .Va apmd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr apmd 8 daemon. .It Va devd_enable .Pq Vt bool Run .Xr devd 8 to handle device added, removed or unknown events from the kernel. .It Va ddb_enable .Pq Vt bool Run .Xr ddb 8 to install .Xr ddb 4 scripts at boot time. .It Va ddb_config .Pq Vt str Configuration file for .Xr ddb 8 . Default .Pa /etc/ddb.conf . .It Va kld_list .Pq Vt str A list of kernel modules to load right after the local disks are mounted. Loading modules at this point in the boot process is much faster than doing it via .Pa /boot/loader.conf for those modules not necessary for mounting local disk. .It Va kldxref_enable .Pq Vt bool Set to .Dq Li NO by default. Set to .Dq Li YES to automatically rebuild .Pa linker.hints files with .Xr kldxref 8 at boot time. .It Va kldxref_clobber .Pq Vt bool Set to .Dq Li NO by default. If .Va kldxref_enable is true, setting to .Dq Li YES will overwrite existing .Pa linker.hints files at boot time. Otherwise, only missing .Pa linker.hints files are generated. .It Va kldxref_module_path .Pq Vt str Empty by default. A semi-colon .Pq Ql \&; delimited list of paths containing .Xr kld 4 modules. If empty, the contents of the .Va kern.module_path .Xr sysctl 8 are used. .It Va powerd_enable .Pq Vt bool If set to .Dq Li YES , enable the system power control facility with the .Xr powerd 8 daemon. .It Va powerd_flags .Pq Vt str If .Va powerd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr powerd 8 daemon. .It Va tmpmfs Controls the creation of a .Pa /tmp memory file system. Always happens if set to .Dq Li YES and never happens if set to .Dq Li NO . If set to anything else, a memory file system is created if .Pa /tmp is not writable. .It Va tmpsize Controls the size of a created .Pa /tmp memory file system. .It Va tmpmfs_flags Extra options passed to the .Xr mdmfs 8 utility when the memory file system for .Pa /tmp is created. The default is .Dq Li "-S" , which inhibits the use of softupdates on .Pa /tmp so that file system space is freed without delay after file truncation or deletion. See .Xr mdmfs 8 for other options you can use in .Va tmpmfs_flags . .It Va varmfs Controls the creation of a .Pa /var memory file system. Always happens if set to .Dq Li YES and never happens if set to .Dq Li NO . If set to anything else, a memory file system is created if .Pa /var is not writable. .It Va varsize Controls the size of a created .Pa /var memory file system. .It Va varmfs_flags Extra options passed to the .Xr mdmfs 8 utility when the memory file system for .Pa /var is created. The default is .Dq Li "-S" , which inhibits the use of softupdates on .Pa /var so that file system space is freed without delay after file truncation or deletion. See .Xr mdmfs 8 for other options you can use in .Va varmfs_flags . .It Va populate_var Controls the automatic population of the .Pa /var file system. Always happens if set to .Dq Li YES and never happens if set to .Dq Li NO . If set to anything else, a memory file system is created if .Pa /var is not writable. Note that this process requires access to certain commands in .Pa /usr before .Pa /usr is mounted on normal systems. .It Va cleanvar_enable .Pq Vt bool Clean the .Pa /var directory. .It Va local_startup .Pq Vt str List of directories to search for startup script files. .It Va script_name_sep .Pq Vt str The field separator to use for breaking down the list of startup script files into individual filenames. The default is a space. It is not necessary to change this unless there are startup scripts with names containing spaces. .It Va hostapd_enable .Pq Vt bool Set to .Dq Li YES to start .Xr hostapd 8 at system boot time. .It Va hostname .Pq Vt str The fully qualified domain name (FQDN) of this host on the network. This should almost certainly be set to something meaningful, even if there is no network connection. If .Xr dhclient 8 is used to set the hostname via DHCP, this variable should be set to an empty string. If this value remains unset when the system is done booting your console login will display the default hostname of .Dq Amnesiac . .It Va nisdomainname .Pq Vt str The NIS domain name of this host, or .Dq Li NO if NIS is not used. .It Va dhclient_program .Pq Vt str Path to the DHCP client program .Pa ( /sbin/dhclient , the .Ox DHCP client, is the default). .It Va dhclient_flags .Pq Vt str Additional flags to pass to the DHCP client program. For the .Ox DHCP client, see the .Xr dhclient 8 manpage for a description of the command line options available. .It Va dhclient_flags_ Ns Aq Ar iface Additional flags to pass to the DHCP client program running on .Ar iface only. When specified, this variable overrides .Va dhclient_flags . .It Va background_dhclient .Pq Vt bool Set to .Dq Li YES to start the DHCP client in background. This can cause trouble with applications depending on a working network, but it will provide a faster startup in many cases. .It Va background_dhclient_ Ns Aq Ar iface When specified, this variable overrides the .Va background_dhclient variable for interface .Ar iface only. .It Va synchronous_dhclient .Pq Vt bool Set to .Dq Li YES to start .Xr dhclient 8 synchronously at startup. This behavior can be overridden on a per-interface basis by replacing the .Dq Li DHCP keyword in the .Va ifconfig_ Ns Aq Ar interface variable with .Dq Li SYNCDHCP or .Dq Li NOSYNCDHCP . .It Va defaultroute_delay .Pq Vt int When set to a positive value, wait up to this long after configuring DHCP interfaces at startup to give the interfaces time to receive a lease. .It Va firewall_enable .Pq Vt bool Set to .Dq Li YES to load firewall rules at startup. If the kernel was not built with .Cd "options IPFIREWALL" , the .Pa ipfw.ko kernel module will be loaded. See also .Va ipfilter_enable . .It Va firewall_script .Pq Vt str This variable specifies the full path to the firewall script to run. The default is .Pa /etc/rc.firewall . .It Va firewall_type .Pq Vt str Names the firewall type from the selection in .Pa /etc/rc.firewall , or the file which contains the local firewall ruleset. Valid selections from .Pa /etc/rc.firewall are: .Pp .Bl -tag -width ".Li simple" -compact .It Li open unrestricted IP access .It Li closed all IP services disabled, except via .Dq Li lo0 .It Li client basic protection for a workstation .It Li simple basic protection for a LAN. .El .Pp If a filename is specified, the full path must be given. .It Va firewall_quiet .Pq Vt bool Set to .Dq Li YES to disable the display of firewall rules on the console during boot. .It Va firewall_logging .Pq Vt bool Set to .Dq Li YES to enable firewall event logging. This is equivalent to the .Dv IPFIREWALL_VERBOSE kernel option. .It Va firewall_logif .Pq Vt bool Set to .Dq Li YES to create pseudo interface .Li ipfw0 for logging. For more details, see .Xr ipfw 8 manual page. .It Va firewall_flags .Pq Vt str Flags passed to .Xr ipfw 8 if .Va firewall_type specifies a filename. .It Va firewall_coscripts .Pq Vt str List of executables and/or rc scripts to run after firewall starts/stops. Default is empty. .\" ----- firewall_nat_enable setting -------------------------------- .It Va firewall_nat_enable .Pq Vt bool The .Xr ipfw 8 equivalent of .Va natd_enable . Setting this to .Dq Li YES enables kernel NAT. .Va firewall_enable must also be set to .Dq Li YES . .It Va firewall_nat_interface .Pq Vt str The .Xr ipfw 8 equivalent of .Va natd_interface . This is the name of the public interface or IP address on which kernel NAT should run. .It Va firewall_nat_flags .Pq Vt str Additional configuration parameters for kernel NAT should be placed here. .It Va dummynet_enable .Pq Vt bool Setting this to .Dq Li YES will automatically load the .Xr dummynet 4 module if .Va firewall_enable is also set to .Dq Li YES . .\" ------------------------------------------------------------------- .It Va natd_program .Pq Vt str Path to .Xr natd 8 . .It Va natd_enable .Pq Vt bool Set to .Dq Li YES to enable .Xr natd 8 . .Va firewall_enable must also be set to .Dq Li YES , and .Xr divert 4 sockets must be enabled in the kernel. If the kernel was not built with .Cd "options IPDIVERT" , the .Pa ipdivert.ko kernel module will be loaded. .It Va natd_interface .Pq Vt str This is the name of the public interface on which .Xr natd 8 should run. The interface may be given as an interface name or as an IP address. .It Va natd_flags .Pq Vt str Additional .Xr natd 8 flags should be placed here. The .Fl n or .Fl a flag is automatically added with the above .Va natd_interface as an argument. .\" ----- ipfilter_enable setting -------------------------------- .It Va ipfilter_enable .Pq Vt bool Set to .Dq Li NO by default. Setting this to .Dq Li YES enables .Xr ipf 8 packet filtering. .Pp Typical usage will require putting .Bd -literal ipfilter_enable="YES" ipnat_enable="YES" ipmon_enable="YES" ipfs_enable="YES" .Ed .Pp into .Pa /etc/rc.conf and editing .Pa /etc/ipf.rules and .Pa /etc/ipnat.rules appropriately. .Pp Note that .Va ipfilter_enable and .Va ipnat_enable can be enabled independently. .Va ipmon_enable and .Va ipfs_enable both require at least one of .Va ipfilter_enable and .Va ipnat_enable to be enabled. .Pp Having .Bd -literal options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK .Ed .Pp in the kernel configuration file is a good idea, too. .\" ----- ipfilter_program setting ------------------------------ .It Va ipfilter_program .Pq Vt str Path to .Xr ipf 8 (default .Pa /sbin/ipf ) . .\" ----- ipfilter_rules setting -------------------------------- .It Va ipfilter_rules .Pq Vt str Set to .Pa /etc/ipf.rules by default. This variable contains the name of the filter rule definition file. The file is expected to be readable for the .Xr ipf 8 command to execute. .\" ----- ipv6_ipfilter_rules setting --------------------------- .It Va ipv6_ipfilter_rules .Pq Vt str Set to .Pa /etc/ipf6.rules by default. This variable contains the IPv6 filter rule definition file. The file is expected to be readable for the .Xr ipf 8 command to execute. .\" ----- ipfilter_flags setting -------------------------------- .It Va ipfilter_flags .Pq Vt str Empty by default. This variable contains flags passed to the .Xr ipf 8 program. .\" ----- ipnat_enable setting ---------------------------------- .It Va ipnat_enable .Pq Vt bool Set to .Dq Li NO by default. Set it to .Dq Li YES to enable .Xr ipnat 8 network address translation. See .Va ipfilter_enable for a detailed discussion. .\" ----- ipnat_program setting --------------------------------- .It Va ipnat_program .Pq Vt str Path to .Xr ipnat 8 (default .Pa /sbin/ipnat ) . .\" ----- ipnat_rules setting ----------------------------------- .It Va ipnat_rules .Pq Vt str Set to .Pa /etc/ipnat.rules by default. This variable contains the name of the file holding the network address translation definition. This file is expected to be readable for the .Xr ipnat 8 command to execute. .\" ----- ipnat_flags setting ----------------------------------- .It Va ipnat_flags .Pq Vt str Empty by default. This variable contains flags passed to the .Xr ipnat 8 program. .\" ----- ipmon_enable setting ---------------------------------- .It Va ipmon_enable .Pq Vt bool Set to .Dq Li NO by default. Set it to .Dq Li YES to enable .Xr ipmon 8 monitoring (logging .Xr ipf 8 and .Xr ipnat 8 events). Setting this variable needs setting .Va ipfilter_enable or .Va ipnat_enable too. See .Va ipfilter_enable for a detailed discussion. .\" ----- ipmon_program setting --------------------------------- .It Va ipmon_program .Pq Vt str Path to .Xr ipmon 8 (default .Pa /sbin/ipmon ) . .\" ----- ipmon_flags setting ----------------------------------- .It Va ipmon_flags .Pq Vt str Set to .Dq Li -Ds by default. This variable contains flags passed to the .Xr ipmon 8 program. Another typical example would be .Dq Fl D Pa /var/log/ipflog to have .Xr ipmon 8 log directly to a file bypassing .Xr syslogd 8 . Make sure to adjust .Pa /etc/newsyslog.conf in such case like this: .Bd -literal /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid .Ed .\" ----- ipfs_enable setting ----------------------------------- .It Va ipfs_enable .Pq Vt bool Set to .Dq Li NO by default. Set it to .Dq Li YES to enable .Xr ipfs 8 saving the filter and NAT state tables during shutdown and reloading them during startup again. Setting this variable needs setting .Va ipfilter_enable or .Va ipnat_enable to .Dq Li YES too. See .Va ipfilter_enable for a detailed discussion. Note that if .Va kern_securelevel is set to 3, .Va ipfs_enable cannot be used because the raised securelevel will prevent .Xr ipfs 8 from saving the state tables at shutdown time. .\" ----- ipfs_program setting ---------------------------------- .It Va ipfs_program .Pq Vt str Path to .Xr ipfs 8 (default .Pa /sbin/ipfs ) . .\" ----- ipfs_flags setting ------------------------------------ .It Va ipfs_flags .Pq Vt str Empty by default. This variable contains flags passed to the .Xr ipfs 8 program. .\" ----- end of added ipf hook --------------------------------- .It Va pf_enable .Pq Vt bool Set to .Dq Li NO by default. Setting this to .Dq Li YES enables .Xr pf 4 packet filtering. .Pp Typical usage will require putting .Pp .Dl pf_enable="YES" .Pp into .Pa /etc/rc.conf and editing .Pa /etc/pf.conf appropriately. Adding .Pp .Dl "device pf" .Pp builds support for .Xr pf 4 into the kernel, otherwise the kernel module will be loaded. .It Va pf_rules .Pq Vt str Path to .Xr pf 4 ruleset configuration file (default .Pa /etc/pf.conf ) . .It Va pf_program .Pq Vt str Path to .Xr pfctl 8 (default .Pa /sbin/pfctl ) . .It Va pf_flags .Pq Vt str If .Va pf_enable is set to .Dq Li YES , these flags are passed to the .Xr pfctl 8 program when loading the ruleset. .It Va pflog_enable .Pq Vt bool Set to .Dq Li NO by default. Setting this to .Dq Li YES enables .Xr pflogd 8 which logs packets from the .Xr pf 4 packet filter. .It Va pflog_logfile .Pq Vt str If .Va pflog_enable is set to .Dq Li YES this controls where .Xr pflogd 8 stores the logfile (default .Pa /var/log/pflog ) . Check .Pa /etc/newsyslog.conf to adjust logfile rotation for this. .It Va pflog_program .Pq Vt str Path to .Xr pflogd 8 (default .Pa /sbin/pflogd ) . .It Va pflog_flags .Pq Vt str Empty by default. This variable contains additional flags passed to the .Xr pflogd 8 program. .It Va ftpproxy_enable .Pq Vt bool Set to .Dq Li NO by default. Setting this to .Dq Li YES enables .Xr ftp-proxy 8 which supports the .Xr pf 4 packet filter in translating ftp connections. .It Va ftpproxy_flags .Pq Vt str Empty by default. This variable contains additional flags passed to the .Xr ftp-proxy 8 program. .It Va pfsync_enable .Pq Vt bool Set to .Dq Li NO by default. Setting this to .Dq Li YES enables exposing .Xr pf 4 state changes to other hosts over the network by means of .Xr pfsync 4 . The .Va pfsync_syncdev variable must also be set then. .It Va pfsync_syncdev .Pq Vt str Empty by default. This variable specifies the name of the network interface .Xr pfsync 4 should operate through. It must be set accordingly if .Va pfsync_enable is set to .Dq Li YES . .It Va pfsync_syncpeer .Pq Vt str Empty by default. This variable is optional. By default, state change messages are sent out on the synchronisation interface using IP multicast packets. The protocol is IP protocol 240, PFSYNC, and the multicast group used is 224.0.0.240. When a peer address is specified using the .Va pfsync_syncpeer option, the peer address is used as a destination for the pfsync traffic, and the traffic can then be protected using .Xr ipsec 4 . See the .Xr pfsync 4 manpage for more details about using .Xr ipsec 4 with .Xr pfsync 4 interfaces. .It Va pfsync_ifconfig .Pq Vt str Empty by default. This variable can contain additional options to be passed to the .Xr ifconfig 8 command used to set up .Xr pfsync 4 . .It Va tcp_extensions .Pq Vt bool Set to .Dq Li YES by default. Setting this to .Dq Li NO disables certain TCP options as described by .Rs .%T "RFC 1323" .Re Setting this to .Dq Li NO might help remedy such problems with connections as randomly hanging or other weird behavior. Some network devices are known to be broken with respect to these options. .It Va log_in_vain .Pq Vt int Set to 0 by default. The .Xr sysctl 8 variables, .Va net.inet.tcp.log_in_vain and .Va net.inet.udp.log_in_vain , as described in .Xr tcp 4 and .Xr udp 4 , are set to the given value. .It Va tcp_keepalive .Pq Vt bool Set to .Dq Li YES by default. Setting to .Dq Li NO will disable probing idle TCP connections to verify that the peer is still up and reachable. .It Va tcp_drop_synfin .Pq Vt bool Set to .Dq Li NO by default. Setting to .Dq Li YES will cause the kernel to ignore TCP frames that have both the SYN and FIN flags set. This prevents OS fingerprinting, but may break some legitimate applications. .It Va icmp_drop_redirect .Pq Vt bool Set to .Dq Li NO by default. Setting to .Dq Li YES will cause the kernel to ignore ICMP REDIRECT packets. Refer to .Xr icmp 4 for more information. .It Va icmp_log_redirect .Pq Vt bool Set to .Dq Li NO by default. Setting to .Dq Li YES will cause the kernel to log ICMP REDIRECT packets. Note that the log messages are not rate-limited, so this option should only be used for troubleshooting networks. Refer to .Xr icmp 4 for more information. .It Va icmp_bmcastecho .Pq Vt bool Set to .Dq Li YES to respond to broadcast or multicast ICMP ping packets. Refer to .Xr icmp 4 for more information. .It Va ip_portrange_first .Pq Vt int If not set to .Dq Li NO , this is the first port in the default portrange. Refer to .Xr ip 4 for more information. .It Va ip_portrange_last .Pq Vt int If not set to .Dq Li NO , this is the last port in the default portrange. Refer to .Xr ip 4 for more information. .It Va network_interfaces .Pq Vt str Set to the list of network interfaces to configure on this host or .Dq Li AUTO (the default) for all current interfaces. Setting the .Va network_interfaces variable to anything other than the default is deprecated. Interfaces that the administrator wishes to store configuration for, but not start at boot should be configured with the .Dq Li NOAUTO keyword in their .Va ifconfig_ Ns Aq Ar interface variables as described below. .Pp An .Va ifconfig_ Ns Aq Ar interface variable is also assumed to exist for each value of .Ar interface . When an interface name contains any of the characters .Dq Li .-/+ they are translated to .Dq Li _ before lookup. The variable can contain arguments to .Xr ifconfig 8 , as well as special case-insensitive keywords described below. Such keywords are removed before passing the value to .Xr ifconfig 8 while the order of the other arguments is preserved. .Pp One can configure more than one IPv4 address with the .Va ipv4_addrs_ Ns Aq Ar interface variable. One or more IP addresses must be provided in Classless Inter-Domain Routing (CIDR) address notation, whose last byte can be a range like 192.0.2.5-23/24. In this case the address 192.0.2.5 will be configured with the netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting netmask /32 as explained in the .Xr ifconfig 8 alias section. With the interface in question being .Li ed0 , an example could look like: .Bd -literal ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" .Ed .Pp It is also possible to add IP alias entries using .Xr ifconfig 8 syntax with the .Dq Li inet keyword. Assuming that the interface in question was .Li ed0 , it might look something like this: .Bd -literal ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" .Ed .Pp And so on. For each .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n entry with the .Dq Li inet keyword that is found, its contents are passed to .Xr ifconfig 8 . Execution stops at the first unsuccessful access, so if something like this is present: .Bd -literal ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" .Ed .Pp Then note that alias4 would .Em not be added since the search would stop with the missing .Dq Li alias3 entry. Due to this difficult to manage behavior, the .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n form is deprecated. .Pp If the .Pa /etc/start_if. Ns Aq Ar interface file is present, it is read and executed by the .Xr sh 1 interpreter before configuring the interface as specified in the .Va ifconfig_ Ns Aq Ar interface and .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n variables. .Pp If a .Va vlans_ Ns Aq Ar interface variable is set, a .Xr vlan 4 interface will be created for each item in the list with the .Ar vlandev argument set to .Ar interface . If a vlan interface's name is a number, then that number is used as the vlan tag and the new vlan interface is named .Ar interface . Ns Ar tag . Otherwise, the vlan tag must be specified via a .Va vlan parameter in the .Va create_args_ Ns Aq Ar interface variable. .Pp To create a vlan device named .Li em0.101 on .Li em0 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: .Bd -literal vlans_em0="101" ifconfig_em0_101="inet 192.0.2.1/24" .Ed .Pp To create a vlan device named .Li myvlan on .Li em0 with the vlan tag 102: .Bd -literal vlans_em0="myvlan" create_args_myvlan="vlan 102" .Ed .Pp If a .Va wlans_ Ns Aq Ar interface variable is set, an .Xr wlan 4 interface will be created for each item in the list with the .Ar wlandev argument set to .Ar interface . Further wlan cloning arguments may be passed to the .Xr ifconfig 8 .Cm create command by setting the .Va create_args_ Ns Aq Ar interface variable. One or more .Xr wlan 4 devices must be created for each wireless devices as of .Fx 8.0 . Debugging flags for .Xr wlan 4 devices as set by .Xr wlandebug 8 may be specified with an .Va wlandebug_ Ns Aq Ar interface variable. The contents of this variable will be passed directly to .Xr wlandebug 8 . .Pp If the .Va ifconfig_ Ns Aq Ar interface contains the keyword .Dq Li NOAUTO then the interface will not be configured at boot or by .Pa /etc/pccard_ether when .Va network_interfaces is set to .Dq Li AUTO . .Pp It is possible to bring up an interface with DHCP by adding .Dq Li DHCP to the .Va ifconfig_ Ns Aq Ar interface variable. For instance, to initialize the .Li ed0 device via DHCP, it is possible to use something like: .Bd -literal ifconfig_ed0="DHCP" .Ed .Pp Also, if you want to configure your wireless interface with .Xr wpa_supplicant 8 for use with WPA, EAP/LEAP or WEP, you need to add .Dq Li WPA to the .Va ifconfig_ Ns Aq Ar interface variable. .Pp Finally, you can add .Xr ifconfig 8 options in this variable, in addition to the .Pa /etc/start_if. Ns Aq Ar interface file. For instance, to configure an .Xr ath 4 wireless device in station mode with an address obtained via DHCP, using WPA authentication and 802.11b mode, it is possible to use something like: .Bd -literal wlans_ath0="wlan0" ifconfig_wlan0="DHCP WPA mode 11b" .Ed .Pp In addition to the .Va ifconfig_ Ns Aq Ar interface form, a fallback variable .Va ifconfig_DEFAULT may be configured. It will be used for all interfaces with no .Va ifconfig_ Ns Aq Ar interface variable. This is intended to replace the no longer supported .Va pccard_ifconfig variable. .Pp It is also possible to rename an interface by doing: .Bd -literal ifconfig_ed0_name="net0" ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" .Ed .It Va ipv6_enable .Pq Vt bool This variable is deprecated. Use .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 and .Va ipv6_activate_all_interfaces if necessary. .Pp If the variable is .Dq Li YES , .Dq Li inet6 accept_rtadv is added to all of .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 and the .Va ipv6_activate_all_interfaces is defined as .Dq Li YES . .It Va ipv6_prefer .Pq Vt bool This variable is deprecated. Use .Va ip6addrctl_policy instead. .Pp If the variable is .Dq Li YES , the default address selection policy table set by .Xr ip6addrctl 8 will be IPv6-preferred. .Pp If the variable is .Dq Li NO , the default address selection policy table set by .Xr ip6addrctl 8 will be IPv4-preferred. .It Va ipv6_activate_all_interfaces .Pq Vt bool This controls initial configuration on IPv6-capable interfaces with no corresponding .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 variable. Note that it is not always necessary to set this variable to .Dq YES to use IPv6 functionality on .Fx . In most cases, just configuring .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 variables works. .Pp If the variable is .Dq Li NO , all interfaces which do not have a corresponding .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 variable will be marked as .Dq Li IFDISABLED at creation. This means that all of IPv6 functionality on that interface is completely disabled to enforce a security policy. If the variable is set to .Dq YES , the flag will be cleared on all of the interfaces. .Pp In most cases, just defining an .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 for an IPv6-capable interface should be sufficient. However, if an interface is added dynamically .Pq by some tunneling protocols such as PPP, for example , it is often difficult to define the variable in advance. In such a case, configuring the .Dq Li IFDISABLED flag can be disabled by setting this variable to .Dq YES . .Pp For more details of the .Dq Li IFDISABLED flag and keywords .Dq Li inet6 ifdisabled , see .Xr ifconfig 8 . .Pp Default is .Dq Li NO . .It Va ipv6_privacy .Pq Vt bool If the variable is .Dq Li YES privacy addresses will be generated for each IPv6 interface as described in RFC 4941. .It Va ipv6_network_interfaces .Pq Vt str This is the IPv6 equivalent of .Va network_interfaces . Normally manual configuration of this variable is not needed. .Pp .It Va ipv6_cpe_wanif .Pq Vt str If the variable is set to an interface name, the .Xr ifconfig 8 options .Dq inet6 -no_radr accept_rtadv will be added to the specified interface automatically before evaluating .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , and two .Xr sysctl 8 variables .Va net.inet6.ip6.rfc6204w3 and .Va net.inet6.ip6.no_radr will be set to 1. .Pp This means the specified interface will accept ICMPv6 Router Advertisement messages on that link and add the discovered routers into the Default Router List. While the other interfaces can still accept RA messages if the .Dq inet6 accept_rtadv option is specified, adding routes into the Default Router List will be disabled by .Dq inet6 no_radr option by default. See .Xr ifconfig 8 for more details. .Pp Note that ICMPv6 Router Advertisement messages will be accepted even when .Va net.inet6.ip6.forwarding is 1 .Pq packet forwarding is enabled when .Va net.inet6.ip6.rfc6204w3 is set to 1. .Pp Default is .Dq Li NO . .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 .Pq Vt str IPv6 functionality on an interface should be configured by .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , instead of setting ifconfig parameters in .Va ifconfig_ Ns Aq Ar interface . If this variable is empty, all of IPv6 configurations on the specified interface by other variables such as .Va ipv6_prefix_ Ns Ao Ar interface Ac will be ignored. .Pp Aliases should be set by .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n with .Dq Li inet6 keyword. For example: .Bd -literal ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" .Ed .Pp Interfaces that have an .Dq Li inet6 accept_rtadv keyword in .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 setting will be automatically configured by SLAAC .Pq StateLess Address AutoConfiguration described in .Rs .%T "RFC 4862" .Re .Pp Note that a link-local address will be automatically configured in addition to the configured global-scope addresses because the IPv6 specifications require it on each link. The address is calculated from the MAC address by using an algorithm defined in .Rs .%T "RFC 4862" .%O "Section 5.3" .Re .Pp If only a link-local address is needed on the interface, the following configuration can be used: .Bd -literal ifconfig_ed0_ipv6="inet6 auto_linklocal" .Ed .Pp A link-local address can also be configured manually. This is useful for the default router address of an IPv6 router so that it does not change when the network interface card is replaced. For example: .Bd -literal ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" .Ed .It Va ipv6_prefix_ Ns Aq Ar interface .Pq Vt str If one or more prefixes are defined in .Va ipv6_prefix_ Ns Aq Ar interface addresses based on each prefix and the EUI-64 interface index will be configured on that interface. Note that this variable will be ignored when .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 is empty. .Pp For example, the following configuration .Bd -literal ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" .Ed .Pp is equivalent to the following: .Bd -literal ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" .Ed .Pp These Subnet-Router anycast addresses will be added only when .Va ipv6_gateway_enable is YES. .It Va ipv6_default_interface .Pq Vt str If not set to .Dq Li NO , this is the default output interface for scoped addresses. This works only with ipv6_gateway_enable="NO". .It Va ip6addrctl_enable .Pq Vt bool This variable is to enable configuring default address selection policy table .Pq RFC 3484 . The table can be specified in another variable .Va ip6addrctl_policy . For .Va ip6addrctl_policy the following keywords can be specified: .Dq Li ipv4_prefer , .Dq Li ipv6_prefer , or .Dq Li AUTO . .Pp If .Dq Li ipv4_prefer or .Dq Li ipv6_prefer is specified, .Xr ip6addrctl 8 installs a pre-defined policy table described in Section 2.1 .Pq IPv6-preferred or 10.3 .Pq IPv4-preferred of RFC 3484. .Pp If .Dq Li AUTO is specified, it attempts to read a file .Pa /etc/ip6addrctl.conf first. If this file is found, .Xr ip6addrctl 8 reads and installs it. If not found, a policy is automatically set according to .Va ipv6_activate_all_interfaces variable; if the variable is set to .Dq Li YES the IPv6-preferred one is used. Otherwise IPv4-preferred. .Pp The default value of .Va ip6addrctl_enable and .Va ip6addrctl_policy are .Dq Li YES and .Dq Li AUTO , respectively. .It Va cloned_interfaces .Pq Vt str Set to the list of clonable network interfaces to create on this host. Further cloning arguments may be passed to the .Xr ifconfig 8 .Cm create command for each interface by setting the .Va create_args_ Ns Aq Ar interface variable. Entries in .Va cloned_interfaces are automatically appended to .Va network_interfaces for configuration. .It Va fec_interfaces .Pq Vt str Set to the list of .Xr ng_fec 4 Fast EtherChannel interfaces to configure on this host. A .Va fecconfig_ Ns Aq Ar interface variable is assumed to exist for each value of .Ar interface . The value of this variable is used to configure link aggregated interfaces according to the syntax of the .Cm NGM_FEC_ADD_IFACE to .Xr ngctl 8 msg. Additionally, this option ensures that each listed interface is created via the .Cm mkpeer command to .Xr ngctl 8 before attempting to configure it. For example: .Bd -literal fec_interfaces="fec0" fecconfig_fec0="em0 em1" ifconfig_fec0="DHCP" .Ed .It Va gif_interfaces .Pq Vt str Set to the list of .Xr gif 4 tunnel interfaces to configure on this host. A .Va gifconfig_ Ns Aq Ar interface variable is assumed to exist for each value of .Ar interface . The value of this variable is used to configure the link layer of the tunnel according to the syntax of the .Cm tunnel option to .Xr ifconfig 8 . Additionally, this option ensures that each listed interface is created via the .Cm create option to .Xr ifconfig 8 before attempting to configure it. .It Va sppp_interfaces .Pq Vt str Set to the list of .Xr sppp 4 interfaces to configure on this host. A .Va spppconfig_ Ns Aq Ar interface variable is assumed to exist for each value of .Ar interface . Each interface should also be configured by a general .Va ifconfig_ Ns Aq Ar interface setting. Refer to .Xr spppcontrol 8 for more information about available options. .It Va ppp_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr ppp 8 daemon. .It Va ppp_profile .Pq Vt str The name of the profile to use from .Pa /etc/ppp/ppp.conf . Also used for per-profile overrides of .Va ppp_mode and .Va ppp_nat , and .Va ppp_ Ns Ao Ar profile Ac Ns _unit . When the profile name contains any of the characters .Dq Li .-/+ they are translated to .Dq Li _ for the proposes of the override variable names. .It Va ppp_mode .Pq Vt str Mode in which to run the .Xr ppp 8 daemon. .It Va ppp_ Ns Ao Ar profile Ac Ns _mode .Pq Vt str Overrides the global .Va ppp_mode for .Ar profile . Accepted modes are .Dq Li auto , .Dq Li ddial , .Dq Li direct and .Dq Li dedicated . See the manual for a full description. .It Va ppp_nat .Pq Vt bool If set to .Dq Li YES , enables network address translation. Used in conjunction with .Va gateway_enable allows hosts on private network addresses access to the Internet using this host as a network address translating router. .It Va ppp_ Ns Ao Ar profile Ac Ns _nat .Pq Vt str Overrides the global .Va ppp_nat for .Ar profile . .It Va ppp_ Ns Ao Ar profile Ac Ns _unit .Pq Vt int Set the unit number to be used for this profile. See the manual description of .Fl unit Ns Ar N for details. .It Va ppp_user .Pq Vt str The name of the user under which .Xr ppp 8 should be started. By default, .Xr ppp 8 is started as .Dq Li root . .It Va rc_conf_files .Pq Vt str This option is used to specify a list of files that will override the settings in .Pa /etc/defaults/rc.conf . The files will be read in the order in which they are specified and should include the full path to the file. By default, the files specified are .Pa /etc/rc.conf and .Pa /etc/rc.conf.local .It Va zfs_enable .Pq Vt bool If set to .Dq Li YES , .Pa /etc/rc.d/zfs will attempt to automatically mount ZFS file systems and initialize ZFS volumes (ZVOLs). .It Va gptboot_enable .Pq Vt bool If set to .Dq Li YES , .Pa /etc/rc.d/gptboot will log if the system successfully (or not) booted from a GPT partition, which had the .Ar bootonce attribute set using .Xr gpart 8 utility. .It Va gbde_autoattach_all .Pq Vt bool If set to .Dq Li YES , .Pa /etc/rc.d/gbde will attempt to automatically initialize your .bde devices in .Pa /etc/fstab . .It Va gbde_devices .Pq Vt str List the devices that the script should try to attach, or .Dq Li AUTO . .It Va gbde_lockdir .Pq Vt str The directory where the .Xr gbde 4 lockfiles are located. The default lockfile directory is .Pa /etc . .Pp The lockfile for each individual .Xr gbde 4 device can be overridden by setting the variable .Va gbde_lock_ Ns Aq Ar device , where .Ar device is the encrypted device without the .Dq Pa /dev/ and .Dq Pa .bde parts. .It Va gbde_attach_attempts .Pq Vt int Number of times to attempt attaching to a .Xr gbde 4 device, i.e., how many times the user is asked for the pass-phrase. Default is 3. .It Va geli_devices .Pq Vt str List of devices to automatically attach on boot. Note that .eli devices from .Pa /etc/fstab are automatically appended to this list. .It Va geli_tries .Pq Vt int Number of times user is asked for the pass-phrase. If empty, it will be taken from .Va kern.geom.eli.tries sysctl variable. .It Va geli_default_flags .Pq Vt str Default flags to use by .Xr geli 8 when configuring disk encryption. Flags can be configured for every device separately by defining .Va geli_ Ns Ao Ar device Ac Ns Va _flags variable. .It Va geli_autodetach .Pq Vt str Specifies if GELI devices should be marked for detach on last close after file systems are mounted. Default is .Dq Li YES . This can be changed for every device separately by defining .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach variable. .It Va geli_swap_flags Options passed to the .Xr geli 8 utility when encrypted GEOM providers for swap partitions are created. The default is .Dq Li "-e aes -l 256 -s 4096 -d" . .It Va root_rw_mount .Pq Vt bool Set to .Dq Li YES by default. After the file systems are checked at boot time, the root file system is remounted as read-write if this is set to .Dq Li YES . Diskless systems that mount their root file system from a read-only remote NFS share should set this to .Dq Li NO in their .Pa rc.conf . .It Va fsck_y_enable .Pq Vt bool If set to .Dq Li YES , .Xr fsck 8 will be run with the .Fl y flag if the initial preen of the file systems fails. .It Va background_fsck .Pq Vt bool If set to .Dq Li YES , the system will attempt to run .Xr fsck 8 in the background where possible. .It Va background_fsck_delay .Pq Vt int The amount of time in seconds to sleep before starting a background .Xr fsck 8 . It defaults to sixty seconds to allow large applications such as the X server to start before disk I/O bandwidth is monopolized by .Xr fsck 8 . If set to a negative number, the background file system check will be delayed indefinitely to allow the administrator to run it at a more convenient time. For example it may be run from .Xr cron 8 by adding a line like .Pp .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" .Pp to .Pa /etc/crontab . .It Va netfs_types .Pq Vt str List of file system types that are network-based. This list should generally not be modified by end users. Use .Va extra_netfs_types instead. .It Va extra_netfs_types .Pq Vt str If set to something other than .Dq Li NO (the default), this variable extends the list of file system types for which automatic mounting at startup by .Xr rc 8 should be delayed until the network is initialized. It should contain a whitespace-separated list of network file system descriptor pairs, each consisting of a file system type as passed to .Xr mount 8 and a human-readable, one-word description, joined with a colon .Pq Ql \&: . Extending the default list in this way is only necessary when third party file system types are used. .It Va syslogd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr syslogd 8 daemon. .It Va syslogd_program .Pq Vt str Path to .Xr syslogd 8 (default .Pa /usr/sbin/syslogd ) . .It Va syslogd_flags .Pq Vt str If .Va syslogd_enable is set to .Dq Li YES , these are the flags to pass to .Xr syslogd 8 . .It Va inetd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr inetd 8 daemon. .It Va inetd_program .Pq Vt str Path to .Xr inetd 8 (default .Pa /usr/sbin/inetd ) . .It Va inetd_flags .Pq Vt str If .Va inetd_enable is set to .Dq Li YES , these are the flags to pass to .Xr inetd 8 . .It Va hastd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr hastd 8 daemon. .It Va hastd_program .Pq Vt str Path to .Xr hastd 8 (default .Pa /sbin/hastd ) . .It Va hastd_flags .Pq Vt str If .Va hastd_enable is set to .Dq Li YES , these are the flags to pass to .Xr hastd 8 . .It Va named_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr named 8 daemon. .It Va named_program .Pq Vt str Path to .Xr named 8 (default .Pa /usr/sbin/named ) . .It Va named_conf .Pq Vt str Path to .Xr named 8 configuration file, (default .Pa /etc/namedb/named.conf ) . .It Va named_flags .Pq Vt str If .Va named_enable is set to .Dq Li YES , these are the flags to pass to .Xr named 8 . .It Va named_uid .Pq Vt str The user that the .Xr named 8 process should be run as. .It Va named_chrootdir .Pq Vt str The root directory for a name server run in a .Xr chroot 8 environment (default .Pa /var/named ) . If left empty .Xr named 8 will not be run in a .Xr chroot 8 environment. .It Va named_chroot_autoupdate .Pq Vt bool Set to .Dq Li NO to disable automatic update of the .Xr chroot 8 environment. .It Va named_symlink_enable .Pq Vt bool Set to .Dq Li NO to disable symlinking of daemon's PID file into the .Xr chroot 8 environment. .It Va named_wait .Pq Vt bool Set to have .Pa /etc/rc.d/named loop until working name service is established. .It Va named_wait_host .Pq Vt str Name of host to lookup for the named_wait option. (Default localhost) .It Va named_auto_forward .Pq Vt bool Set to enable automatic creation of a forwarder configuration file derived from .Pa /etc/resolv.conf . .It Va named_auto_forward_only .Pq Vt bool Set to change the default forwarder configuration from .Dq forward first to .Dq forward only . .It Va kerberos5_server_enable .Pq Vt bool Set to .Dq Li YES to start a Kerberos 5 authentication server at boot time. .It Va kerberos5_server .Pq Vt str If .Va kerberos5_server_enable is set to .Dq Li YES this is the path to Kerberos 5 Authentication Server. .It Va kerberos5_server_flags .Pq Vt str Empty by default. This variable contains additional flags to be passed to the Kerberos 5 authentication server. .It Va kadmind5_server_enable .Pq Vt bool Set to .Dq Li YES to start .Xr kadmind 8 , the Kerberos 5 Administration Daemon; set to .Dq Li NO on a slave server. .It Va kadmind5_server .Pq Vt str If .Va kadmind5_server_enable is set to .Dq Li YES this is the path to Kerberos 5 Administration Daemon. .It Va kpasswdd_server_enable .Pq Vt bool Set to .Dq Li YES to start .Xr kpasswdd 8 , the Kerberos 5 Password-Changing Daemon; set to .Dq Li NO on a slave server. .It Va kpasswdd_server .Pq Vt str If .Va kpasswdd_server_enable is set to .Dq Li YES this is the path to Kerberos 5 Password-Changing Daemon. .It Va kfd_enable .Pq Vt bool Set to .Dq Li YES to start .Xr kfd 8 , the Kerberos 5 ticket forwarding daemon, at the boot time. .It Va kfd_program .Pq Vt str Path to .Xr kfd 8 (default .Pa /usr/libexec/kfd ) . .It Va rwhod_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr rwhod 8 daemon at boot time. .It Va rwhod_flags .Pq Vt str If .Va rwhod_enable is set to .Dq Li YES , these are the flags to pass to it. .It Va amd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr amd 8 daemon at boot time. .It Va amd_flags .Pq Vt str If .Va amd_enable is set to .Dq Li YES , these are the flags to pass to it. See the .Xr amd 8 manpage for more information. .It Va amd_map_program .Pq Vt str If set, the specified program is run to get the list of .Xr amd 8 maps. For example, if the .Xr amd 8 maps are stored in NIS, one can set this to run .Xr ypcat 1 to get a list of .Xr amd 8 maps from the .Pa amd.master NIS map. .It Va update_motd .Pq Vt bool If set to .Dq Li YES , .Pa /etc/motd will be updated at boot time to reflect the kernel release being run. If set to .Dq Li NO , .Pa /etc/motd will not be updated. .It Va nfs_client_enable .Pq Vt bool If set to .Dq Li YES , run the NFS client daemons at boot time. .It Va nfs_access_cache .Pq Vt int If .Va nfs_client_enable is set to .Dq Li YES , this can be set to .Dq Li 0 to disable NFS ACCESS RPC caching, or to the number of seconds for which NFS ACCESS results should be cached. A value of 2-10 seconds will substantially reduce network traffic for many NFS operations. .It Va nfs_server_enable .Pq Vt bool If set to .Dq Li YES , run the NFS server daemons at boot time. .It Va nfs_server_flags .Pq Vt str If .Va nfs_server_enable is set to .Dq Li YES , these are the flags to pass to the .Xr nfsd 8 daemon. .It Va nfsv4_server_enable .Pq Vt bool If .Va nfs_server_enable is set to .Dq Li YES and .Va nfsv4_server_enable are set to .Dq Li YES , enable the server for NFSv4 as well as NFSv2 and NFSv3. .It Va nfsuserd_enable .Pq Vt bool If .Va nfsuserd_enable is set to .Dq Li YES , run the nfsuserd daemon, which is needed for NFSv4 in order to map between user/group names vs uid/gid numbers. If .Va nfsv4_server_enable is set to .Dq Li YES , this will be forced enabled. .It Va nfsuserd_flags .Pq Vt str If .Va nfsuserd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr nfsuserd 8 daemon. .It Va nfscbd_enable .Pq Vt bool If .Va nfscbd_enable is set to .Dq Li YES , run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. .It Va nfscbd_flags .Pq Vt str If .Va nfscbd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr nfscbd 8 daemon. .It Va oldnfs_server_enable .Pq Vt bool If .Va oldnfs_server_enable is set to .Dq Li YES , force the NFS server daemons to run the old NFS server code that does not support NFSv4. .It Va mountd_enable .Pq Vt bool If set to .Dq Li YES , and no .Va nfs_server_enable is set, start .Xr mountd 8 , but not .Xr nfsd 8 daemon. It is commonly needed to run CFS without real NFS used. .It Va mountd_flags .Pq Vt str If .Va mountd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr mountd 8 daemon. .It Va weak_mountd_authentication .Pq Vt bool If set to .Dq Li YES , allow services like PCNFSD to make non-privileged mount requests. .It Va nfs_reserved_port_only .Pq Vt bool If set to .Dq Li YES , provide NFS services only on a secure port. .It Va nfs_bufpackets .Pq Vt int If set to a number, indicates the number of packets worth of socket buffer space to reserve on an NFS client. The kernel default is typically 4. Using a higher number may be useful on gigabit networks to improve performance. The minimum value is 2 and the maximum is 64. .It Va rpc_lockd_enable .Pq Vt bool If set to .Dq Li YES and also an NFS server or client, run .Xr rpc.lockd 8 at boot time. .It Va rpc_lockd_flags .Pq Vt str If .Va rpc_lockd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr rpc.lockd 8 daemon. .It Va rpc_statd_enable .Pq Vt bool If set to .Dq Li YES and also an NFS server or client, run .Xr rpc.statd 8 at boot time. .It Va rpc_statd_flags .Pq Vt str If .Va rpc_statd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr rpc.statd 8 daemon. .It Va rpcbind_program .Pq Vt str Path to .Xr rpcbind 8 (default .Pa /usr/sbin/rpcbind ) . .It Va rpcbind_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr rpcbind 8 service at boot time. .It Va rpcbind_flags .Pq Vt str If .Va rpcbind_enable is set to .Dq Li YES , these are the flags to pass to the .Xr rpcbind 8 daemon. .It Va keyserv_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr keyserv 8 daemon on boot for running Secure RPC. .It Va keyserv_flags .Pq Vt str If .Va keyserv_enable is set to .Dq Li YES , these are the flags to pass to .Xr keyserv 8 daemon. .It Va pppoed_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr pppoed 8 daemon at boot time to provide PPP over Ethernet services. .It Va pppoed_ Ns Aq Ar provider .Pq Vt str .Xr pppoed 8 listens to requests to this .Ar provider and ultimately runs .Xr ppp 8 with a .Ar system argument of the same name. .It Va pppoed_flags .Pq Vt str Additional flags to pass to .Xr pppoed 8 . .It Va pppoed_interface .Pq Vt str The network interface to run .Xr pppoed 8 on. This is mandatory when .Va pppoed_enable is set to .Dq Li YES . .It Va timed_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr timed 8 service at boot time. This command is intended for networks of machines where a consistent .Dq "network time" for all hosts must be established. This is often useful in large NFS environments where time stamps on files are expected to be consistent network-wide. .It Va timed_flags .Pq Vt str If .Va timed_enable is set to .Dq Li YES , these are the flags to pass to the .Xr timed 8 service. .It Va ntpdate_enable .Pq Vt bool If set to .Dq Li YES , run .Xr ntpdate 8 at system startup. This command is intended to synchronize the system clock only .Em once from some standard reference. An option to set this up initially (from a list of known servers) is also provided by the .Xr sysinstall 8 program when the system is first installed. .It Va ntpdate_config .Pq Vt str Configuration file for .Xr ntpdate 8 . Default .Pa /etc/ntp.conf . .It Va ntpdate_hosts .Pq Vt str A whitespace-separated list of NTP servers to synchronize with at startup. The default is to use the servers listed in .Va ntpdate_config , if that file exists. .It Va ntpdate_program .Pq Vt str Path to .Xr ntpdate 8 (default .Pa /usr/sbin/ntpdate ) . .It Va ntpdate_flags .Pq Vt str If .Va ntpdate_enable is set to .Dq Li YES , these are the flags to pass to the .Xr ntpdate 8 command (typically a hostname). .It Va ntpd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr ntpd 8 command at boot time. .It Va ntpd_program .Pq Vt str Path to .Xr ntpd 8 (default .Pa /usr/sbin/ntpd ) . .It Va ntpd_config .Pq Vt str Path to .Xr ntpd 8 configuration file. Default .Pa /etc/ntp.conf . .It Va ntpd_flags .Pq Vt str If .Va ntpd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr ntpd 8 daemon. .It Va ntpd_sync_on_start .Pq Vt bool If set to .Dq Li YES , .Xr ntpd 8 is run with the .Fl g flag, which syncs the system's clock on startup. See .Xr ntpd 8 for more information regarding the .Fl g option. This is a preferred alternative to using .Xr ntpdate 8 or specifying the .Va ntpdate_enable variable. .It Va nis_client_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr ypbind 8 service at system boot time. .It Va nis_client_flags .Pq Vt str If .Va nis_client_enable is set to .Dq Li YES , these are the flags to pass to the .Xr ypbind 8 service. .It Va nis_ypset_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr ypset 8 daemon at system boot time. .It Va nis_ypset_flags .Pq Vt str If .Va nis_ypset_enable is set to .Dq Li YES , these are the flags to pass to the .Xr ypset 8 daemon. .It Va nis_server_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr ypserv 8 daemon at system boot time. .It Va nis_server_flags .Pq Vt str If .Va nis_server_enable is set to .Dq Li YES , these are the flags to pass to the .Xr ypserv 8 daemon. .It Va nis_ypxfrd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr rpc.ypxfrd 8 daemon at system boot time. .It Va nis_ypxfrd_flags .Pq Vt str If .Va nis_ypxfrd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr rpc.ypxfrd 8 daemon. .It Va nis_yppasswdd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr rpc.yppasswdd 8 daemon at system boot time. .It Va nis_yppasswdd_flags .Pq Vt str If .Va nis_yppasswdd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr rpc.yppasswdd 8 daemon. .It Va rpc_ypupdated_enable .Pq Vt bool If set to .Dq Li YES , run the .Nm rpc.ypupdated daemon at system boot time. .It Va bsnmpd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr bsnmpd 1 daemon at system boot time. Be sure to understand the security implications of running SNMP daemon on your host. .It Va bsnmpd_flags .Pq Vt str If .Va bsnmpd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr bsnmpd 1 daemon. .It Va defaultrouter .Pq Vt str If not set to .Dq Li NO , create a default route to this host name or IP address (use an IP address if this router is also required to get to the name server!). .It Va ipv6_defaultrouter .Pq Vt str The IPv6 equivalent of .Va defaultrouter . .It Va static_arp_pairs .Pq Vt str Set to the list of static ARP pairs that are to be added at system boot time. For each whitespace separated .Ar element in the value, a .Va static_arp_ Ns Aq Ar element variable is assumed to exist whose contents will later be passed to a .Dq Nm arp Cm -S operation. For example .Bd -literal static_arp_pairs="gw" static_arp_gw="192.168.1.1 00:01:02:03:04:05" .Ed .It Va static_ndp_pairs .Pq Vt str Set to the list of static NDP pairs that are to be added at system boot time. For each whitespace separated .Ar element in the value, a .Va static_ndp_ Ns Aq Ar element variable is assumed to exist whose contents will later be passed to a .Dq Nm ndp Cm -s operation. For example .Bd -literal static_ndp_pairs="gw" static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" .Ed .It Va static_routes .Pq Vt str Set to the list of static routes that are to be added at system boot time. If not set to .Dq Li NO then for each whitespace separated .Ar element in the value, a .Va route_ Ns Aq Ar element variable is assumed to exist whose contents will later be passed to a .Dq Nm route Cm add operation. For example: .Bd -literal static_routes="mcast gif0local" route_mcast="-net 224.0.0.0/4 -iface gif0" route_gif0local="-host 169.254.1.1 -iface lo0" .Ed .It Va ipv6_static_routes .Pq Vt str The IPv6 equivalent of .Va static_routes . If not set to .Dq Li NO then for each whitespace separated .Ar element in the value, a .Va ipv6_route_ Ns Aq Ar element variable is assumed to exist whose contents will later be passed to a .Dq Nm route Cm add Fl inet6 operation. .It Va natm_static_routes .Pq Vt str The .Xr natmip 4 equivalent of .Va static_routes . If not empty then for each whitespace separated .Ar element in the value, a .Va route_ Ns Aq Ar element variable is assumed to exist whose contents will later be passed to a .Dq Nm atmconfig Cm natm Cm add operation. .It Va gateway_enable .Pq Vt bool If set to .Dq Li YES , configure host to act as an IP router, e.g.\& to forward packets between interfaces. .It Va ipv6_gateway_enable .Pq Vt bool The IPv6 equivalent of .Va gateway_enable . .It Va routed_enable .Pq Vt bool If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of .Va routed_program and .Va routed_flags . .It Va route6d_enable .Pq Vt bool The IPv6 equivalent of .Va routed_enable . If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of .Va route6d_program and .Va route6d_flags . .It Va routed_program .Pq Vt str If .Va routed_enable is set to .Dq Li YES , this is the name of the routing daemon to use. .It Va route6d_program .Pq Vt str The IPv6 equivalent of .Va routed_program . .It Va routed_flags .Pq Vt str If .Va routed_enable is set to .Dq Li YES , these are the flags to pass to the routing daemon. .It Va route6d_flags .Pq Vt str The IPv6 equivalent of .Va routed_flags . .It Va mrouted_enable .Pq Vt bool If set to .Dq Li YES , run the multicast routing daemon, .Xr mrouted 8 . .It Va mroute6d_enable .Pq Vt bool The IPv6 equivalent of .Va mrouted_enable . If set to .Dq Li YES , run the IPv6 multicast routing daemon. .Pp Note that multicast routing daemons are no longer included in the .Fx base system, however, both .Xr mrouted 8 and .Xr pim6dd 8 may be installed from the .Fx Ports Collection. .It Va mrouted_flags .Pq Vt str If .Va mrouted_enable is set to .Dq Li YES , these are the flags to pass to the .Xr mrouted 8 daemon. .It Va mroute6d_flags .Pq Vt str The IPv6 equivalent of .Va mrouted_flags . If .Va mroute6d_enable is set to .Dq Li YES , these are the flags passed to the IPv6 multicast routing daemon. .It Va mroute6d_program .Pq Vt str If .Va mroute6d_enable is set to .Dq Li YES , this is the path to the IPv6 multicast routing daemon. .It Va rtadvd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr rtadvd 8 daemon at boot time. The .Xr rtadvd 8 utility sends ICMPv6 Router Advertisement messages to the interfaces specified in .Va rtadvd_interfaces . This should only be enabled with great care. You may want to fine-tune .Xr rtadvd.conf 5 . .It Va rtadvd_interfaces .Pq Vt str If .Va rtadvd_enable is set to .Dq Li YES this is the list of interfaces to use. .It Va ipxgateway_enable .Pq Vt bool If set to .Dq Li YES , enable the routing of IPX traffic. .It Va ipxrouted_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr IPXrouted 8 daemon at system boot time. .It Va ipxrouted_flags .Pq Vt str If .Va ipxrouted_enable is set to .Dq Li YES , these are the flags to pass to the .Xr IPXrouted 8 daemon. .It Va arpproxy_all .Pq Vt bool If set to .Dq Li YES , enable global proxy ARP. .It Va forward_sourceroute .Pq Vt bool If set to .Dq Li YES and .Va gateway_enable is also set to .Dq Li YES , source-routed packets are forwarded. .It Va accept_sourceroute .Pq Vt bool If set to .Dq Li YES , the system will accept source-routed packets directed at it. .It Va rarpd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr rarpd 8 daemon at system boot time. .It Va rarpd_flags .Pq Vt str If .Va rarpd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr rarpd 8 daemon. .It Va bootparamd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr bootparamd 8 daemon at system boot time. .It Va bootparamd_flags .Pq Vt str If .Va bootparamd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr bootparamd 8 daemon. .It Va stf_interface_ipv4addr .Pq Vt str If not set to .Dq Li NO , this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface). Specify this entry to enable the 6to4 interface. .It Va stf_interface_ipv4plen .Pq Vt int Prefix length for 6to4 IPv4 addresses, to limit peer address range. An effective value is 0-31. .It Va stf_interface_ipv6_ifid .Pq Vt str IPv6 interface ID for .Xr stf 4 . This can be set to .Dq Li AUTO . .It Va stf_interface_ipv6_slaid .Pq Vt str IPv6 Site Level Aggregator for .Xr stf 4 . .It Va ipv6_faith_prefix .Pq Vt str If not set to .Dq Li NO , this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator. You also need .Xr faithd 8 setup. .It Va ipv6_ipv4mapping .Pq Vt bool If set to .Dq Li YES this enables IPv4 mapped IPv6 address communication (like .Li ::ffff:a.b.c.d ) . .It Va rtsold_enable .Pq Vt bool Set to .Dq Li YES to enable the .Xr rtsold 8 daemon to send ICMPv6 Router Solicitation messages. .It Va rtsold_flags .Pq Vt str If .Va rtsold_enable is set to .Dq Li YES , these are the flags to pass to .Xr rtsold 8 . .It Va rtsol_flags .Pq Vt str For interfaces configured with the .Dq Li inet6 accept_rtadv keyword, these are the flags to pass to .Xr rtsol 8 . .Pp Note that .Va rtsold_enable is mutually exclusive to .Va rtsol_flags ; .Va rtsold_enable takes precedence. .It Va atm_enable .Pq Vt bool Set to .Dq Li YES to enable the configuration of ATM interfaces at system boot time. For all of the ATM variables described below, please refer to the .Xr atm 8 manual page for further details on the available command parameters. Also refer to the files in .Pa /usr/share/examples/atm for more detailed configuration information. .It Va atm_load .Pq Vt str This is a list of physical ATM interface drivers to load. Typical values are .Dq Li hfa_pci and/or .Dq Li hea_pci . .It Va atm_netif_ Ns Aq Ar intf .Pq Vt str For the ATM physical interface .Ar intf , this variable defines the name prefix and count for the ATM network interfaces to be created. The value will be passed as the parameters of an .Dq Nm atm Cm "set netif" Ar intf command. .It Va atm_sigmgr_ Ns Aq Ar intf .Pq Vt str For the ATM physical interface .Ar intf , this variable defines the ATM signalling manager to be used. The value will be passed as the parameters of an .Dq Nm atm Cm attach Ar intf command. .It Va atm_prefix_ Ns Aq Ar intf .Pq Vt str For the ATM physical interface .Ar intf , this variable defines the NSAP prefix for interfaces using a UNI signalling manager. If set to .Dq Li ILMI , the prefix will automatically be set via the .Xr ilmid 8 daemon. Otherwise, the value will be passed as the parameters of an .Dq Nm atm Cm "set prefix" Ar intf command. .It Va atm_macaddr_ Ns Aq Ar intf .Pq Vt str For the ATM physical interface .Ar intf , this variable defines the MAC address for interfaces using a UNI signalling manager. If set to .Dq Li NO , the hardware MAC address contained in the ATM interface card will be used. Otherwise, the value will be passed as the parameters of an .Dq Nm atm Cm "set mac" Ar intf command. .It Va atm_arpserver_ Ns Aq Ar netif .Pq Vt str For the ATM network interface .Ar netif , this variable defines the ATM address for a host which is to provide ATMARP service. This variable is only applicable to interfaces using a UNI signalling manager. If set to .Dq Li local , this host will become an ATMARP server. The value will be passed as the parameters of an .Dq Nm atm Cm "set arpserver" Ar netif command. .It Va atm_scsparp_ Ns Aq Ar netif .Pq Vt bool If set to .Dq Li YES , SCSP/ATMARP service for the network interface .Ar netif will be initiated using the .Xr scspd 8 and .Xr atmarpd 8 daemons. This variable is only applicable if .Va atm_arpserver_ Ns Aq Ar netif is set to .Dq Li local . .It Va atm_pvcs .Pq Vt str Set to the list of ATM PVCs to be added at system boot time. For each whitespace separated .Ar element in the value, an .Va atm_pvc_ Ns Aq Ar element variable is assumed to exist. The value of each of these variables will be passed as the parameters of an .Dq Nm atm Cm "add pvc" command. .It Va atm_arps .Pq Vt str Set to the list of permanent ATM ARP entries to be added at system boot time. For each whitespace separated .Ar element in the value, an .Va atm_arp_ Ns Aq Ar element variable is assumed to exist. The value of each of these variables will be passed as the parameters of an .Dq Nm atm Cm "add arp" command. .It Va natm_interfaces .Pq Vt str Set to the list of .Xr natm 4 interfaces that will also be used for HARP through .Xr harp 4 . If this list is not empty all interfaces in the list will be brought up with .Xr ifconfig 8 and .Xr harp 4 will be loaded. For this to work the interface drivers must be either compiled into the kernel or must reside on the root partition. .It Va keybell .Pq Vt str The keyboard bell sound. Set to .Dq Li normal , .Dq Li visual , .Dq Li off , or .Dq Li NO if the default behavior is desired. For details, refer to the .Xr kbdcontrol 1 manpage. .It Va keyboard .Pq Vt str If set to a non-null string, the virtual console's keyboard input is set to this device. .It Va keymap .Pq Vt str If set to .Dq Li NO , no keymap is installed, otherwise the value is used to install the keymap file in .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . .It Va keyrate .Pq Vt str The keyboard repeat speed. Set to .Dq Li slow , .Dq Li normal , .Dq Li fast , or .Dq Li NO if the default behavior is desired. .It Va keychange .Pq Vt str If not set to .Dq Li NO , attempt to program the function keys with the value. The value should be a single string of the form: .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . .It Va cursor .Pq Vt str Can be set to the value of .Dq Li normal , .Dq Li blink , .Dq Li destructive , or .Dq Li NO to set the cursor behavior explicitly or choose the default behavior. .It Va scrnmap .Pq Vt str If set to .Dq Li NO , no screen map is installed, otherwise the value is used to install the screen map file in .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . .It Va font8x16 .Pq Vt str If set to .Dq Li NO , the default 8x16 font value is used for screen size requests, otherwise the value in .Pa /usr/share/syscons/fonts/ Ns Aq Ar value is used. .It Va font8x14 .Pq Vt str If set to .Dq Li NO , the default 8x14 font value is used for screen size requests, otherwise the value in .Pa /usr/share/syscons/fonts/ Ns Aq Ar value is used. .It Va font8x8 .Pq Vt str If set to .Dq Li NO , the default 8x8 font value is used for screen size requests, otherwise the value in .Pa /usr/share/syscons/fonts/ Ns Aq Ar value is used. .It Va blanktime .Pq Vt int If set to .Dq Li NO , the default screen blanking interval is used, otherwise it is set to .Ar value seconds. .It Va saver .Pq Vt str If not set to .Dq Li NO , this is the actual screen saver to use .Li ( blank , snake , daemon , etc). .It Va moused_nondefault_enable .Pq Vt str If set to .Dq Li NO , the mouse device specified on the command line is not automatically treated as enabled by the .Pa /etc/rc.d/moused script. Having this variable set to .Dq Li YES allows a .Xr usb 4 mouse, for example, to be enabled as soon as it is plugged in. .It Va moused_enable .Pq Vt str If set to .Dq Li YES , the .Xr moused 8 daemon is started for doing cut/paste selection on the console. .It Va moused_type .Pq Vt str This is the protocol type of the mouse connected to this host. This variable must be set if .Va moused_enable is set to .Dq Li YES . The .Xr moused 8 daemon is able to detect the appropriate mouse type automatically in many cases. Set this variable to .Dq Li auto to let the daemon detect it, or select one from the following list if the automatic detection fails. .Pp If the mouse is attached to the PS/2 mouse port, choose .Dq Li auto or .Dq Li ps/2 , regardless of the brand and model of the mouse. Likewise, if the mouse is attached to the bus mouse port, choose .Dq Li auto or .Dq Li busmouse . All other protocols are for serial mice and will not work with the PS/2 and bus mice. If this is a USB mouse, .Dq Li auto is the only protocol type which will work. .Pp .Bl -tag -width ".Li x10mouseremote" -compact .It Li microsoft Microsoft mouse (serial) .It Li intellimouse Microsoft IntelliMouse (serial) .It Li mousesystems Mouse systems Corp.\& mouse (serial) .It Li mmseries MM Series mouse (serial) .It Li logitech Logitech mouse (serial) .It Li busmouse A bus mouse .It Li mouseman Logitech MouseMan and TrackMan (serial) .It Li glidepoint ALPS GlidePoint (serial) .It Li thinkingmouse Kensington ThinkingMouse (serial) .It Li ps/2 PS/2 mouse .It Li mmhittab MM HitTablet (serial) .It Li x10mouseremote X10 MouseRemote (serial) .It Li versapad Interlink VersaPad (serial) .El .Pp Even if the mouse is not in the above list, it may be compatible with one in the list. Refer to the manual page for .Xr moused 8 for compatibility information. .Pp It should also be noted that while this is enabled, any other client of the mouse (such as an X server) should access the mouse through the virtual mouse device, .Pa /dev/sysmouse , and configure it as a .Dq Li sysmouse type mouse, since all mouse data is converted to this single canonical format when using .Xr moused 8 . If the client program does not support the .Dq Li sysmouse type, specify the .Dq Li mousesystems type. It is the second preferred type. .It Va moused_port .Pq Vt str If .Va moused_enable is set to .Dq Li YES , this is the actual port the mouse is on. It might be -.Pa /dev/cuad0 +.Pa /dev/cuau0 for a COM1 serial mouse, .Pa /dev/psm0 for a PS/2 mouse or .Pa /dev/mse0 for a bus mouse, for example. .It Va moused_flags .Pq Vt str If .Va moused_flags is set, its value is used as an additional set of flags to pass to the .Xr moused 8 daemon. .It Va "moused_" Ns Ar XXX Ns Va "_flags" When .Va moused_nondefault_enable is enabled, and a .Xr moused 8 daemon is started for a non-default port, the .Va "moused_" Ns Ar XXX Ns Va "_flags" set of options has precedence over and replaces the default .Va moused_flags (where .Ar XXX is the name of the non-default port, i.e.,\& .Ar ums0 ) . By setting .Va "moused_" Ns Ar XXX Ns Va "_flags" it is possible to set up a different set of default flags for each .Xr moused 8 instance. For example, you can use .Dq Li "-3" for the default .Va moused_flags to make your laptop's touchpad more comfortable to use, but an empty set of options for .Va moused_ums0_flags when your .Xr usb 4 mouse has three or more buttons. .It Va mousechar_start .Pq Vt int If set to .Dq Li NO , the default mouse cursor character range .Li 0xd0 Ns - Ns Li 0xd3 is used, otherwise the range start is set to .Ar value character, see .Xr vidcontrol 1 . Use if the default range is occupied in the language code table. .It Va allscreens_flags .Pq Vt str If set, .Xr vidcontrol 1 is run with these options for each of the virtual terminals .Pq Pa /dev/ttyv* . For example, .Dq Fl m Cm on will enable the mouse pointer on all virtual terminals if .Va moused_enable is set to .Dq Li YES . .It Va allscreens_kbdflags .Pq Vt str If set, .Xr kbdcontrol 1 is run with these options for each of the virtual terminals .Pq Pa /dev/ttyv* . For example, .Dq Fl h Li 200 will set the .Xr syscons 4 scrollback (history) buffer to 200 lines. .It Va cron_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr cron 8 daemon at system boot time. .It Va cron_program .Pq Vt str Path to .Xr cron 8 (default .Pa /usr/sbin/cron ) . .It Va cron_flags .Pq Vt str If .Va cron_enable is set to .Dq Li YES , these are the flags to pass to .Xr cron 8 . .It Va cron_dst .Pq Vt bool If set to .Dq Li YES , enable the special handling of transitions to and from the Daylight Saving Time in .Xr cron 8 (equivalent to using the flag .Fl s ) . .It Va lpd_program .Pq Vt str Path to .Xr lpd 8 (default .Pa /usr/sbin/lpd ) . .It Va lpd_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr lpd 8 daemon at system boot time. .It Va lpd_flags .Pq Vt str If .Va lpd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr lpd 8 daemon. .It Va chkprintcap_enable .Pq Vt bool If set to .Dq Li YES , run the .Xr chkprintcap 8 command before starting the .Xr lpd 8 daemon. .It Va chkprintcap_flags .Pq Vt str If .Va lpd_enable and .Va chkprintcap_enable are set to .Dq Li YES , these are the flags to pass to the .Xr chkprintcap 8 program. The default is .Dq Li -d , which causes missing directories to be created. .It Va mta_start_script .Pq Vt str This variable specifies the full path to the script to run to start a mail transfer agent. The default is .Pa /etc/rc.sendmail . The .Va sendmail_* variables which .Pa /etc/rc.sendmail uses are documented in the .Xr rc.sendmail 8 manual page. .It Va dumpdev .Pq Vt str Indicates the device (usually a swap partition) to which a crash dump should be written in the event of a system crash. If the value of this variable is .Dq Li AUTO , the first suitable swap device listed in .Pa /etc/fstab will be used as dump device. Otherwise, the value of this variable is passed as the argument to .Xr dumpon 8 . To disable crash dumps, set this variable to .Dq Li NO . .It Va dumpdir .Pq Vt str When the system reboots after a crash and a crash dump is found on the device specified by the .Va dumpdev variable, .Xr savecore 8 will save that crash dump and a copy of the kernel to the directory specified by the .Va dumpdir variable. The default value is .Pa /var/crash . Set to .Dq Li NO to not run .Xr savecore 8 at boot time when .Va dumpdir is set. .It Va savecore_flags .Pq Vt str If crash dumps are enabled, these are the flags to pass to the .Xr savecore 8 utility. .It Va quota_enable .Pq Vt bool Set to .Dq Li YES to turn on user and group disk quotas on system startup via the .Xr quotaon 8 command for all file systems marked as having quotas enabled in .Pa /etc/fstab . The kernel must be built with .Cd "options QUOTA" for disk quotas to function. .It Va check_quotas .Pq Vt bool Set to .Dq Li YES to enable user and group disk quota checking via the .Xr quotacheck 8 command. .It Va quotacheck_flags .Pq Vt str If .Va quota_enable is set to .Dq Li YES , and .Va check_quotas is set to .Dq Li YES , these are the flags to pass to the .Xr quotacheck 8 utility. The default is .Dq Li "-a" , which checks quotas for all file systems with quotas enabled in .Pa /etc/fstab . .It Va quotaon_flags .Pq Vt str If .Va quota_enable is set to .Dq Li YES , these are the flags to pass to the .Xr quotaon 8 utility. The default is .Dq Li "-a" , which enables quotas for all file systems with quotas enabled in .Pa /etc/fstab . .It Va quotaoff_flags .Pq Vt str If .Va quota_enable is set to .Dq Li YES , these are the flags to pass to the .Xr quotaoff 8 utility when shutting down the quota system. The default is .Dq Li "-a" , which disables quotas for all file systems with quotas enabled in .Pa /etc/fstab . .It Va accounting_enable .Pq Vt bool Set to .Dq Li YES to enable system accounting through the .Xr accton 8 facility. .It Va ibcs2_enable .Pq Vt bool Set to .Dq Li YES to enable iBCS2 (SCO) binary emulation at system initial boot time. .It Va ibcs2_loaders .Pq Vt str If not set to .Dq Li NO and if .Va ibcs2_enable is set to .Dq Li YES , this specifies a list of additional iBCS2 loaders to enable. .It Va linux_enable .Pq Vt bool Set to .Dq Li YES to enable Linux/ELF binary emulation at system initial boot time. .It Va svr4_enable .Pq Vt bool If set to .Dq Li YES , enable SysVR4 emulation at boot time. .It Va sysvipc_enable .Pq Vt bool If set to .Dq Li YES , load System V IPC primitives at boot time. .It Va clear_tmp_enable .Pq Vt bool Set to .Dq Li YES to have .Pa /tmp cleaned at startup. .It Va clear_tmp_X .Pq Vt bool Set to .Dq Li NO to disable removing of X11 lock files, and the removal and (secure) recreation of the various socket directories for X11 related programs. .It Va ldconfig_paths .Pq Vt str Set to the list of shared library paths to use with .Xr ldconfig 8 . NOTE: .Pa /usr/lib will always be added first, so it need not appear in this list. .It Va ldconfig32_paths .Pq Vt str Set to the list of 32-bit compatibility shared library paths to use with .Xr ldconfig 8 . .It Va ldconfig_paths_aout .Pq Vt str Set to the list of shared library paths to use with .Xr ldconfig 8 legacy .Xr a.out 5 support. .It Va ldconfig_insecure .Pq Vt bool The .Xr ldconfig 8 utility normally refuses to use directories which are writable by anyone except root. Set this variable to .Dq Li YES to disable that security check during system startup. .It Va ldconfig_local_dirs .Pq Vt str Set to the list of local .Xr ldconfig 8 directories. The names of all files in the directories listed will be passed as arguments to .Xr ldconfig 8 . .It Va ldconfig_local32_dirs .Pq Vt str Set to the list of local 32-bit compatibility .Xr ldconfig 8 directories. The names of all files in the directories listed will be passed as arguments to .Dq Nm ldconfig Fl 32 . .It Va kern_securelevel_enable .Pq Vt bool Set to .Dq Li YES to set the kernel security level at system startup. .It Va kern_securelevel .Pq Vt int The kernel security level to set at startup. The allowed range of .Ar value ranges from \-1 (the compile time default) to 3 (the most secure). See .Xr security 7 for the list of possible security levels and their effect on system operation. .It Va sshd_program .Pq Vt str Path to the SSH server program .Pa ( /usr/sbin/sshd is the default). .It Va sshd_enable .Pq Vt bool Set to .Dq Li YES to start .Xr sshd 8 at system boot time. .It Va sshd_flags .Pq Vt str If .Va sshd_enable is set to .Dq Li YES , these are the flags to pass to the .Xr sshd 8 daemon. .It Va ftpd_program .Pq Vt str Path to the FTP server program .Pa ( /usr/libexec/ftpd is the default). .It Va ftpd_enable .Pq Vt bool Set to .Dq Li YES to start .Xr ftpd 8 as a stand-alone daemon at system boot time. .It Va ftpd_flags .Pq Vt str If .Va ftpd_enable is set to .Dq Li YES , these are the additional flags to pass to the .Xr ftpd 8 daemon. .It Va watchdogd_enable .Pq Vt bool If set to .Dq Li YES , start the .Xr watchdogd 8 daemon at boot time. This requires that the kernel have been compiled with a .Xr watchdog 4 compatible device. .It Va watchdogd_flags .Pq Vt str If .Va watchdogd_enable is set to .Dq Li YES , these are the flags passed to the .Xr watchdogd 8 daemon. .It Va devfs_rulesets .Pq Vt str List of files containing sets of rules for .Xr devfs 8 . .It Va devfs_system_ruleset .Pq Vt str Rule name(s) to apply to the system .Pa /dev itself. .It Va devfs_set_rulesets .Pq Vt str Pairs of already-mounted .Pa dev directories and rulesets that should be applied to them. For example: /mount/dev=ruleset_name .It Va devfs_load_rulesets .Pq Vt bool If set, always load the default rulesets listed in .Va devfs_rulesets . .It Va performance_cx_lowest .Pq Vt str CPU idle state to use while on AC power. The string .Dq Li LOW indicates that .Xr acpi 4 should use the lowest power state available while .Dq Li HIGH indicates that the lowest latency state (less power savings) should be used. .It Va performance_cpu_freq .Pq Vt str CPU clock frequency to use while on AC power. The string .Dq Li LOW indicates that .Xr cpufreq 4 should use the lowest frequency available while .Dq Li HIGH indicates that the highest frequency (less power savings) should be used. .It Va economy_cx_lowest .Pq Vt str CPU idle state to use when off AC power. The string .Dq Li LOW indicates that .Xr acpi 4 should use the lowest power state available while .Dq Li HIGH indicates that the lowest latency state (less power savings) should be used. .It Va economy_cpu_freq .Pq Vt str CPU clock frequency to use when off AC power. The string .Dq Li LOW indicates that .Xr cpufreq 4 should use the lowest frequency available while .Dq Li HIGH indicates that the highest frequency (less power savings) should be used. .It Va jail_enable .Pq Vt bool If set to .Dq Li NO , any configured jails will not be started. .It Va jail_parallel_start .Pq Vt bool If set to .Dq Li YES , all configured jails will be started in the background (in parallel). .It Va jail_list .Pq Vt str A space separated list of names for jails. This is purely a configuration aid to help identify and configure multiple jails. The names specified in this list will be used to identify settings common to an instance of a jail, and should contain alphanumeric characters only. Assuming that the jail in question was named .Li vjail , you would have the following dependent variables: .Bd -literal jail_vjail_hostname="jail.example.com" jail_vjail_ip="192.0.2.100" jail_vjail_rootdir="/var/jails/vjail/root" .Ed .Pp .It Va jail_flags .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _flags for every jail in .Va jail_list . .It Va jail_interface .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _interface for every jail in .Va jail_list . .It Va jail_fstab .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab for every jail in .Va jail_list . .It Va jail_mount_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , sets .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable to .Dq Li YES by default for every jail in .Va jail_list . .It Va jail_devfs_ruleset .Pq Vt str Unset by default. When set, sets .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset to given value for every jail in .Va jail_list . .It Va jail_devfs_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , sets .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable to .Dq Li YES by default for every jail in .Va jail_list . .It Va jail_fdescfs_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , sets .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable to .Dq Li YES by default for every jail in .Va jail_list . .It Va jail_procfs_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , sets .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable to .Dq Li YES by default for every jail in .Va jail_list . .It Va jail_exec_prestart Ns Aq Ar N .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N for every jail in .Va jail_list . .It Va jail_exec_start .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start for every jail in .Va jail_list . .It Va jail_exec_afterstart Ns Aq Ar N .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N for every jail in .Va jail_list . .It Va jail_exec_poststart Ns Aq Ar N .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N for every jail in .Va jail_list . .It Va jail_exec_prestop Ns Aq Ar N .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N for every jail in .Va jail_list . .It Va jail_exec_stop Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop for every jail in .Va jail_list . .It Va jail_exec_poststop Ns Aq Ar N .Pq Vt str Unset by default. When set, use as default value for .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N for every jail in .Va jail_list . .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir .Pq Vt str Unset by default. Set to the root directory used by jail .Va jname . .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname .Pq Vt str Unset by default. Set to the fully qualified domain name (FQDN) assigned to jail .Va jname . .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip .Pq Vt str Unset by default. Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. The argument can be a sole address or a comma separated list of addresses. Additionally each address can be prefixed by the name of an interface followed by a pipe to overwrite .Va jail_ Ns Ao Ar jname Ac Ns Va _interface or .Va jail_interface and/or suffixed by a netmask, prefixlen or prefix. In case no netmask, prefixlen or prefix is given, .Sq /32 will be used for IPv4 and .Sq /128 will be used for an IPv6 address. If no address is given for the jail then the jail will be started with no networking support. .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n .Pq Vt str Unset by default. Set additional IPv4 and/or IPv6 address(es) assigned to the jail. The sequence starts with .Dq Li _multi0 and the numbers have to be strictly ascending. These entries follow the same syntax as their primary .Va jail_ Ns Ao Ar jname Ac Ns Va _ip entry. The order of the entries can be important as the first address for each address family found will be the primary address of the jail. See .Va ip-addresses option in .Xr jail 8 for more details. .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags .Pq Vt str Set to .Dq Li -l -U root by default. These are flags to pass to .Xr jail 8 . .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface .Pq Vt str Unset by default. When set, sets the interface to use when setting IP address alias. Note that the alias is created at jail startup and removed at jail shutdown. .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib .Pq Vt str Unset by default. When set, the jail is started with the specified forwarding table (sometimes referred to as a routing table) via .Xr setfib 1 . .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab .Pq Vt str Set to .Pa /etc/fstab. Ns Aq Ar jname by default. This is the file system information file to use for jail .Va jname . .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , mount all file systems from .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab at jail startup. .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .Pq Vt str Unset by default. When set, defines the device file system ruleset file to use for jail .Va jname . .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , mount the device file system inside jail .Ar jname at jail startup. .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , mount the file-descriptor file system inside jail .Ar jname at jail startup. .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .Pq Vt bool Set to .Dq Li NO by default. When set to .Dq Li YES , mount the process file system inside jail .Ar jname at jail startup. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N .Pq Vt str Unset by default. This is the command run as .Ar N Ns th command before jail startup, where .Ar N is 0, 1, and so on. It is run outside the jail. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .Pq Vt str Set to .Dq Li /bin/sh /etc/rc by default. This is the command executed in a jail at jail startup. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N .Pq Vt str Unset by default. This is the command run as .Ar N Ns th command in a jail after jail startup, where .Ar N is 1, 2, and so on. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N .Pq Vt str Unset by default. This is the command run as .Ar N Ns th command after jail startup, where .Ar N is 0, 1, and so on. It is run outside the jail. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N .Pq Vt str Unset by default. This is the command run as .Ar N Ns th command before jail shutdown, where .Ar N is 0, 1, and so on. It is run outside the jail. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop .Pq Vt str Set to .Dq Li /bin/sh /etc/rc.shutdown by default. This is the command executed in a jail at jail shutdown. .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N .Pq Vt str Unset by default. This is the command run as .Ar N Ns th command after jail shutdown, where .Ar N is 0, 1, and so on. It is run outside the jail. .It Va jail_set_hostname_allow .Pq Vt bool If set to .Dq Li NO , do not allow the root user in a jail to set its hostname. .It Va jail_socket_unixiproute_only .Pq Vt bool If set to .Dq Li YES , do not allow any sockets, besides UNIX/IP/route sockets, to be used within a jail. .It Va jail_sysvipc_allow .Pq Vt bool If set to .Dq Li YES , allow applications within a jail to use System V IPC. .\" ----------------------------------------------------- .It Va harvest_interrupt .Pq Vt bool Set to .Dq Li YES to use hardware interrupts as an entropy source. Refer to .Xr random 4 for more information. .It Va harvest_ethernet .Pq Vt bool Set to .Dq Li YES to use LAN traffic as an entropy source. Refer to .Xr random 4 for more information. .It Va harvest_p_to_p .Pq Vt bool Set to .Dq Li YES to use serial line traffic as an entropy source. Refer to .Xr random 4 for more information. .It Va entropy_dir .Pq Vt str Set to .Dq Li NO to disable caching entropy via .Xr cron 8 . Otherwise set to the directory used to store entropy files in. .It Va entropy_file .Pq Vt str Set to .Dq Li NO to disable caching entropy through reboots. Otherwise set to the filename used to store cached entropy through reboots. This file should be located on the root file system to seed the .Xr random 4 device as early as possible in the boot process. .It Va entropy_save_sz .Pq Vt int Size of the entropy cache files saved by .Nm save-entropy periodically. .It Va entropy_save_num .Pq Vt int Number of entropy cache files to save by .Nm save-entropy periodically. .It Va ipsec_enable .Pq Vt bool Set to .Dq Li YES to run .Xr setkey 8 on .Va ipsec_file at boot time. .It Va ipsec_file .Pq Vt str Configuration file for .Xr setkey 8 . .It Va dmesg_enable .Pq Vt bool Set to .Dq Li YES to save .Xr dmesg 8 to .Pa /var/run/dmesg.boot on boot. .It Va rcshutdown_timeout .Pq Vt int If set, start a watchdog timer in the background which will terminate .Pa rc.shutdown if .Xr shutdown 8 has not completed within the specified time (in seconds). Notice that in addition to this soft timeout, .Xr init 8 also applies a hard timeout for the execution of .Pa rc.shutdown . This is configured via .Xr sysctl 8 variable .Va kern.init_shutdown_timeout and defaults to 120 seconds. Setting the value of .Va rcshutdown_timeout to more than 120 seconds will have no effect until the .Xr sysctl 8 variable .Va kern.init_shutdown_timeout is also increased. .It Va virecover_enable .Pq Vt bool Set to .Dq Li NO to prevent the system from trying to recover pre-maturely terminated .Xr vi 1 sessions. .It Va ugidfw_enable .Pq Vt bool Set to .Dq Li YES to load the .Xr mac_bsdextended 4 module upon system initialization and load a default ruleset file. .It Va bsdextended_script .Pq Vt str The default .Xr mac_bsdextended 4 ruleset file to load. The default value of this variable is .Pa /etc/rc.bsdextended . .It Va newsyslog_enable .Pq Vt bool If set to .Dq Li YES , run .Xr newsyslog 8 command at startup. .It Va newsyslog_flags .Pq Vt str If .Va newsyslog_enable is set to .Dq Li YES , these are the flags to pass to the .Xr newsyslog 8 program. The default is .Dq Li -CN , which causes log files flagged with a .Cm C to be created. .It Va mdconfig_md Ns Aq Ar X .Pq Vt str Arguments to .Xr mdconfig 8 for .Xr md 4 device .Ar X . At minimum a .Fl t Ar type must be specified and either a .Fl s Ar size for malloc or swap backed .Xr md 4 devices or a .Fl f Ar file for vnode backed .Xr md 4 devices. Note that .Va mdconfig_md Ns Aq Ar X variables are evaluated until one variable is unset or null. .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs .Pq Vt str Optional arguments passed to .Xr newfs 8 to initialize .Xr md 4 device .Ar X . .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner .Pq Vt str An ownership specification passed to .Xr chown 8 after the specified .Xr md 4 device .Ar X has been mounted. Both the .Xr md 4 device and the mount point will be changed. .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms .Pq Vt str A mode string passed to .Xr chmod 1 after the specified .Xr md 4 device .Ar X has been mounted. Both the .Xr md 4 device and the mount point will be changed. .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files .Pq Vt str Files to be copied to the mount point of the .Xr md 4 device .Ar X after it has been mounted. .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd .Pq Vt str Command to execute after the specified .Xr md 4 device .Ar X has been mounted. Note that the command is passed to .Ic eval and that both .Va _dev and .Va _mp variables can be used to reference respectively the .Xr md 4 device and the mount point. Assuming that the .Xr md 4 device is .Li md0 , one could set the following: .Bd -literal mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" .Ed .It Va autobridge_interfaces .Pq Vt str Set to the list of bridge interfaces that will have newly arriving interfaces checked against to be automatically added. If not set to .Dq Li NO then for each whitespace separated .Ar element in the value, a .Va autobridge_ Ns Aq Ar element variable is assumed to exist which has a whitespace separated list of interface names to match, these names can use wildcards. For example: .Bd -literal autobridge_interfaces="bridge0" autobridge_bridge0="tap* dc0 vlan[345]" .Ed .It Va mixer_enable .Pq Vt bool If set to .Dq Li YES , enable support for sound mixer. .It Va hcsecd_enable .Pq Vt bool If set to .Dq Li YES , enable Bluetooth security daemon. .It Va hcsecd_config .Pq Vt str Configuration file for .Xr hcsecd 8 . Default .Pa /etc/bluetooth/hcsecd.conf . .It Va sdpd_enable .Pq Vt bool If set to .Dq Li YES , enable Bluetooth Service Discovery Protocol daemon. .It Va sdpd_control .Pq Vt str Path to .Xr sdpd 8 control socket. Default .Pa /var/run/sdp . .It Va sdpd_groupname .Pq Vt str Sets .Xr sdpd 8 group to run as after it initializes. Default .Dq Li nobody . .It Va sdpd_username .Pq Vt str Sets .Xr sdpd 8 user to run as after it initializes. Default .Dq Li nobody . .It Va bthidd_enable .Pq Vt bool If set to .Dq Li YES , enable Bluetooth Human Interface Device daemon. .It Va bthidd_config .Pq Vt str Configuration file for .Xr bthidd 8 . Default .Pa /etc/bluetooth/bthidd.conf . .It Va bthidd_hids .Pq Vt str Path to a file, where .Xr bthidd 8 will store information about known HID devices. Default .Pa /var/db/bthidd.hids . .It Va rfcomm_pppd_server_enable .Pq Vt bool If set to .Dq Li YES , enable Bluetooth RFCOMM PPP wrapper daemon. .It Va rfcomm_pppd_server_profile .Pq Vt str The name of the profile to use from .Pa /etc/ppp/ppp.conf . Multiple profiles can be specified here. Also used to specify per-profile overrides. When the profile name contains any of the characters .Dq Li .-/+ they are translated to .Dq Li _ for the proposes of the override variable names. .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr .Pq Vt str Overrides local address to listen on. By default .Xr rfcomm_pppd 8 will listen on .Dq Li ANY address. The address can be specified as BD_ADDR or name. .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel .Pq Vt str Overrides local RFCOMM channel to listen on. By default .Xr rfcomm_pppd 8 will listen on RFCOMM channel 1. Must set properly if multiple profiles used in the same time. .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp .Pq Vt bool Tells .Xr rfcomm_pppd 8 if it should register Serial Port service on the specified RFCOMM channel. Default .Dq Li NO . .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun .Pq Vt bool Tells .Xr rfcomm_pppd 8 if it should register Dial-Up Networking service on the specified RFCOMM channel. Default .Dq Li NO . .It Va ubthidhci_enable .Pq Vt bool If set to .Dq Li YES , change the USB Bluetooth controller from HID mode to HCI mode. You also need to specify the location of USB Bluetooth controller with the .Va ubthidhci_busnum and .Va ubthidhci_addr variables. .It Va ubthidhci_busnum Bus number where the USB Bluetooth controller is located. Check the output of .Xr usbconfig 8 on your system to find this information. .It Va ubthidhci_addr Bus address of the USB Bluetooth controller. Check the output of .Xr usbconfig 8 on your system to find this information. .It Va netwait_enable .Pq Vt bool If set to .Dq Li YES , delays the start of network-reliant services until .Va netwait_if is up and ICMP packets to a destination defined in .Va netwait_ip are flowing. Link state is examined first, followed by .Dq Li pinging an IP address to verify network usability. If no destination can be reached or timeouts are exceeded, network services are started anyway with no guarantee that the network is usable. Use of this variable requires both .Va netwait_ip and .Va netwait_if to be set. .It Va netwait_ip .Pq Vt str Empty by default. This variable contains a space-delimited list of IP addresses to .Xr ping 8 . DNS hostnames should not be used as resolution is not guaranteed to be functional at this point. If multiple IP addresses are specified, each will be tried until one is successful or the list is exhausted. .It Va netwait_timeout .Pq Vt int Indicates the total number of seconds to perform a .Dq Li ping against each IP address in .Va netwait_ip , at a rate of one ping per second. If any of the pings are successful, full network connectivity is considered reliable. The default is 60. .It Va netwait_if .Pq Vt str Empty by default. Defines the name of the network interface on which watch for link. .Xr ifconfig 8 is used to monitor the interface, looking for .Dq Li status: no carrier . Once gone, the link is considered up. This can be a .Xr vlan 4 interface if desired. .It Va netwait_if_timeout .Pq Vt int Defines the total number of seconds to wait for link to become usable, polled at a 1-second interval. The default is 30. .El .Sh FILES .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact .It Pa /etc/defaults/rc.conf .It Pa /etc/rc.conf .It Pa /etc/rc.conf.local .El .Sh SEE ALSO .Xr catman 1 , .Xr chmod 1 , .Xr gdb 1 , .Xr info 1 , .Xr kbdcontrol 1 , .Xr makewhatis 1 , .Xr sh 1 , .Xr vi 1 , .Xr vidcontrol 1 , .Xr bridge 4 , .Xr dummynet 4 , .Xr ip 4 , .Xr ipf 4 , .Xr ipfw 4 , .Xr ipnat 4 , .Xr kld 4 , .Xr pf 4 , .Xr pflog 4 , .Xr pfsync 4 , .Xr tcp 4 , .Xr udp 4 , .Xr exports 5 , .Xr fstab 5 , .Xr ipf 5 , .Xr ipnat 5 , .Xr motd 5 , .Xr newsyslog.conf 5 , .Xr pf.conf 5 , .Xr security 7 , .Xr accton 8 , .Xr amd 8 , .Xr apm 8 , .Xr atm 8 , .Xr bthidd 8 , .Xr chkprintcap 8 , .Xr chown 8 , .Xr cron 8 , .Xr devfs 8 , .Xr dhclient 8 , .Xr ftpd 8 , .Xr geli 8 , .Xr hcsecd 8 , .Xr ifconfig 8 , .Xr inetd 8 , .Xr ipf 8 , .Xr ipfw 8 , .Xr ipnat 8 , .Xr jail 8 , .Xr kldxref 8 , .Xr lpd 8 , .Xr mdconfig 8 , .Xr mdmfs 8 , .Xr mixer 8 , .Xr mountd 8 , .Xr moused 8 , .Xr mrouted 8 , .Xr named 8 , .Xr newfs 8 , .Xr newsyslog 8 , .Xr nfsd 8 , .Xr ntpd 8 , .Xr ntpdate 8 , .Xr pfctl 8 , .Xr pflogd 8 , .Xr ping 8 , .Xr powerd 8 , .Xr quotacheck 8 , .Xr quotaon 8 , .Xr rc 8 , .Xr rc.sendmail 8 , .Xr rfcomm_pppd 8 , .Xr route 8 , .Xr routed 8 , .Xr rpcbind 8 , .Xr rpc.lockd 8 , .Xr rpc.statd 8 , .Xr rwhod 8 , .Xr savecore 8 , .Xr sdpd 8 , .Xr sshd 8 , .Xr swapon 8 , .Xr sysctl 8 , .Xr syslogd 8 , .Xr timed 8 , .Xr usbconfig 8 , .Xr wlandebug 8 , .Xr yp 8 , .Xr ypbind 8 , .Xr ypserv 8 , .Xr ypset 8 .Sh HISTORY The .Nm file appeared in .Fx 2.2.2 . .Sh AUTHORS .An Jordan K. Hubbard . Index: head/share/man/man5/remote.5 =================================================================== --- head/share/man/man5/remote.5 (revision 244039) +++ head/share/man/man5/remote.5 (revision 244040) @@ -1,214 +1,214 @@ .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the University of .\" California, Berkeley and its contributors. .\" 4. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)remote.5 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" .Dd October 20, 2003 .Dt REMOTE 5 .Os .Sh NAME .Nm remote .Nd remote host description file .Sh DESCRIPTION The systems known by .Xr tip 1 and their attributes are stored in an .Tn ASCII file which is structured somewhat like the .Xr termcap 5 file. Each line in the file provides a description for a single .Em system . Fields are separated by a colon (``:''). Lines ending in a \e character with an immediately following newline are continued on the next line. .Pp The first entry is the name(s) of the host system. If there is more than one name for a system, the names are separated by vertical bars. After the name of the system comes the fields of the description. A field name followed by an `=' sign indicates a string value. A field name followed by a `#' sign indicates a numeric value. .Pp Entries named ``tip*'' and ``cu*'' are used as default entries by .Xr tip 1 , and the .Xr cu 1 interface to .Nm tip , as follows. When .Nm tip is invoked with only a phone number, it looks for an entry of the form ``tip300'', where 300 is the data rate with which the connection is to be made. When the .Nm cu interface is used, entries of the form ``cu300'' are used. .Sh CAPABILITIES Capabilities are either strings (str), numbers (num), or boolean flags (bool). A string capability is specified by .Em capability Ns Ar = Ns Em value ; for example, ``dv=/dev/harris''. A numeric capability is specified by .Em capability Ns Ar # Ns Em value ; for example, ``xa#99''. A boolean capability is specified by simply listing the capability. .Bl -tag -width indent .It Cm \&at (str) Auto call unit type. .It Cm \&br (num) The data rate (bits per second) used for communications on the serial port. When a modem is used, the data rate used to communicate with the remote modem may be different than this rate. This is a decimal number. The default rate is 9600 bits per second. .It Cm \&cm (str) An initial connection message to be sent to the remote host. For example, if a host is reached through a port selector, this might be set to the appropriate sequence required to switch to the host. .It Cm \&cu (str) Call unit if making a phone call. Default is the same as the `dv' field. .It Cm \&di (str) Disconnect message sent to the host when a disconnect is requested by the user. .It Cm \&du (bool) This host is on a dial-up line. .It Cm \&dv (str) .Ux device(s) to open to establish a connection. If this file refers to a terminal line, .Xr tip 1 attempts to perform an exclusive open on the device to ensure only one user at a time has access to the port. .It Cm \&el (str) Characters marking an end-of-line. The default is .Dv NULL . `~' escapes are only recognized by .Nm tip after one of the characters in `el', or after a carriage-return. .It Cm \&fs (str) Frame size for transfers. The default frame size is equal to .Dv BUFSIZ . .It Cm \&hd (bool) The host uses half-duplex communication, local echo should be performed. .It Cm \&ie (str) Input end-of-file marks. The default is .Dv NULL . .It Cm \&oe (str) Output end-of-file string. The default is .Dv NULL . When .Nm tip is transferring a file, this string is sent at end-of-file. .It Cm \&pa (str) The type of parity to use when sending data to the host. This may be one of ``even'', ``odd'', ``none'', ``zero'' (always set bit 8 to zero), ``one'' (always set bit 8 to 1). The default is even parity. .It Cm \&pn (str) Telephone number(s) for this host. If the telephone number field contains an @ sign, .Nm tip searches the file .Pa /etc/phones file for a list of telephone numbers (see .Xr phones 5 ) . .It Cm \&tc (str) Indicates that the list of capabilities is continued in the named description. This is used primarily to share common capability information. .El .Sh FILES .Bl -tag -width /etc/remote -compact .It Pa /etc/remote The .Nm host description file resides in .Pa /etc . .El .Sh EXAMPLES Here is a short example showing the use of the capability continuation feature. It defines a 56k modem connection on the first serial port at 115200 bits per second, no parity using the Hayes command set with standard line editing and end of file characters. The arpavax entry includes everything in the UNIX-57600 entry plus the phone number for arpavax (in this case an @ character so that it is retrieved from the environment). .Bd -literal UNIX-57600:\e -:dv=/dev/cuad0:el=^D^U^C^S^Q^O@:oe=^D:du:at=hayes:br#115200:pa=none: +:dv=/dev/cuau0:el=^D^U^C^S^Q^O@:oe=^D:du:at=hayes:br#115200:pa=none: arpavax|ax:\e :pn=\e@:tc=UNIX-57600 .Ed .Sh SEE ALSO .Xr cu 1 , .Xr tip 1 , .Xr phones 5 .Sh HISTORY The .Nm file format appeared in .Bx 4.2 . .Sh BUGS The .Xr tip 1 utility uses its own notion of the serial ports data rate rather than the system default for a serial port. Index: head/tools/debugscripts/dot.gdbinit =================================================================== --- head/tools/debugscripts/dot.gdbinit (revision 244039) +++ head/tools/debugscripts/dot.gdbinit (revision 244040) @@ -1,117 +1,117 @@ # $FreeBSD$ # .gdbinit file for remote serial debugging. # # XXX Do not use this file directly. It contains parameters which are # XXX substituted by the kernel Makefile when you do a 'make gdbinit'. # XXX This also removes lines starting with '# XXX'. # XXX # To debug kernels, do: # # cd /usr/obj/usr/src/sys/GENERIC (or kernel build directory) # make gdbinit # gdb kernel.debug # # Read gdb(4) for more details. # The following lines (down to "***** End" comment) may need to be changed # Bit rate for serial link. Due to problems in the interface, # this may not work well above 9600 bps. set remotebaud 9600 set output-radix 16 set height 70 set width 120 set remotetimeout 1 set complaints 1 set print pretty dir ../../.. # ***** End of things you're likely to need to change. # Connect to remote target via a serial port. define tr # Remote debugging port target remote $arg0 end document tr -Debug a remote system via serial or firewire interface. For example, specify 'tr /dev/cuad0' to use first serial port, or 'tr localhost:5556' for default firewire port. See also tr0, tr1 and trf commands. +Debug a remote system via serial or firewire interface. For example, specify 'tr /dev/cuau0' to use first serial port, or 'tr localhost:5556' for default firewire port. See also tr0, tr1 and trf commands. end # Convenience functions. These call tr. -# debug via cuad0 +# debug via cuau0 define tr0 -tr /dev/cuad0 +tr /dev/cuau0 end define tr1 -tr /dev/cuad1 +tr /dev/cuau1 end # Firewire define trf tr localhost:5556 end document tr0 -Debug a remote system via serial interface /dev/cuad0. See also tr, tr1 and trf commands. +Debug a remote system via serial interface /dev/cuau0. See also tr, tr1 and trf commands. end document tr1 -Debug a remote system via serial interface /dev/cuad1. See also tr, tr0 and trf commands. +Debug a remote system via serial interface /dev/cuau1. See also tr, tr0 and trf commands. end document trf Debug a remote system via firewire interface at default port 5556. See also tr, tr0 and tr1 commands. end # Get symbols from klds. Unfortunately, there are a number of # landmines involved here: # # When debugging the same machine (via /dev/mem), we can get the # script to call kldstat and pass the info on to asf(8). This won't # work for crashes or remote debugging, of course, because we'd get # the information for the wrong system. Instead, we use the macro # "kldstat", which extracts the information from the "dump". The # trouble here is that it's a pain to use, since gdb doesn't have the # capability to pass data to scripts, so we have to mark it and paste # it into the script. This makes it silly to use this method for # debugging the local system. Instead, we have two scripts: # # getsyms uses the information in the "dump", and you have to paste it. # kldsyms uses the local kld information. # # Improvements in gdb should make this go away some day. # define kldsyms # This will be replaced by the path of the real modules directory. shell asf -f -k MODPATH source .asf end document kldsyms Read in the symbol tables for the debugging machine. This only makes sense when debugging /dev/mem; use the 'getsyms' macro for remote debugging. end # Remote system define getsyms kldstat echo Select the list above with the mouse, paste into the screen\n echo and then press ^D. Yes, this is annoying.\n # This will be replaced by the path of the real modules directory. shell asf -f MODPATH source .asf end document getsyms Display kldstat information for the target machine and invite user to paste it back in. This causes the symbols for the KLDs to be loaded. When doing memory debugging, use the command kldsyms instead. end source gdbinit.kernel source gdbinit.machine echo Ready to go. Enter 'tr' to connect to the remote target\n -echo with /dev/cuad0, 'tr /dev/cuad1' to connect to a different port\n +echo with /dev/cuau0, 'tr /dev/cuau1' to connect to a different port\n echo or 'trf portno' to connect to the remote target with the firewire\n echo interface. portno defaults to 5556.\n echo \n echo Type 'getsyms' after connection to load kld symbols.\n echo \n echo If you're debugging a local system, you can use 'kldsyms' instead\n echo to load the kld symbols. That's a less obnoxious interface.\n Index: head/tools/test/ppsapi/Makefile =================================================================== --- head/tools/test/ppsapi/Makefile (revision 244039) +++ head/tools/test/ppsapi/Makefile (revision 244040) @@ -1,11 +1,11 @@ # $FreeBSD$ PROG= ppsapitest NO_MAN= WARNS?= 5 .include test: ${PROG} - ./${PROG} /dev/cuad0 + ./${PROG} /dev/cuau0 Index: head/tools/test/ppsapi/README =================================================================== --- head/tools/test/ppsapi/README (revision 244039) +++ head/tools/test/ppsapi/README (revision 244040) @@ -1,48 +1,48 @@ # $FreeBSD$ This is a small test program which I have had around since we wrote the RFC 2783 API. Options: -a capture assert flank -c capture clear flank (if neither -a -c: capture all available flanks) -A output on assert flank -C output on clear flank (if neither -A -C: output on all flanks) -e enable echo (all possible flanks) -u unbuffered output. -v verbose. The output looks like: -# ./ppsapitest -C /dev/cuad4 +# ./ppsapitest -C /dev/cuau4 1070915603 .703680117 119 1070915940 .902275676 121 1070915941 .703657317 120 1070915941 .902327516 122 1070915942 .703657077 121 1070915942 .902367957 123 1070915943 .703657557 122 1070915943 .902419077 124 1070915944 .703656717 123 1070915944 .902467197 125 1070915945 .703657077 124 1070915945 .902527078 126 Columns: assert seconds (tv_sec) assert nanoseconds (tv_nsec) assert sequence number clear seconds (tv_sec) clear nanoseconds (tv_nsec) clear sequence number (If the -C option had not been specified, twice as many lines would be output: -# ./ppsapitest /dev/cuad4 +# ./ppsapitest /dev/cuau4 1070916432 .703624557 125 1070915945 .902527078 126 1070916432 .703624557 125 1070916432 .902303156 127 1070916433 .703624557 126 1070916432 .902303156 127 1070916433 .703624557 126 1070916433 .902348396 128 1070916434 .703625757 127 1070916433 .902348396 128 1070916434 .703625757 127 1070916434 .902396877 129 1070916435 .703623837 128 1070916434 .902396877 129 1070916435 .703623837 128 1070916435 .902444277 130 Index: head/usr.bin/tip/tip/cu.1 =================================================================== --- head/usr.bin/tip/tip/cu.1 (revision 244039) +++ head/usr.bin/tip/tip/cu.1 (revision 244040) @@ -1,506 +1,506 @@ .\" $OpenBSD: cu.1,v 1.3 2006/06/07 06:35:59 mbalmer Exp $ .\" .\" Copyright (c) 1980, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)tip.1 8.4 (Berkeley) 4/18/94 .\" $FreeBSD$ .\" .Dd September 1, 2006 .Dt CU 1 .Os .Sh NAME .Nm cu .Nd call UNIX .Sh SYNOPSIS .Nm .Op Fl ehot .Op Fl a Ar acu .Op Fl l Ar line .Op Fl s Ar speed | Fl Ar speed .Op Ar phone-number .Sh DESCRIPTION The .Nm utility establishes a full-duplex connection to another machine, giving the appearance of being logged in directly on the remote CPU. It goes without saying that you must have a login on the machine (or equivalent) to which you wish to connect. .Pp The options are as follows: .Bl -tag -width indent .It Fl a Ar acu Set the acu. .It Fl e Use even parity. If both .Fl e and .Fl o are given, then no parity is used (the default). .It Fl h Echo characters locally (half-duplex mode). .It Fl l Ar line Specify the line to use. Either of the forms like -.Pa cuad0 +.Pa cuau0 or -.Pa /dev/cuad0 +.Pa /dev/cuau0 are permitted. .It Fl o Use odd parity. If both .Fl e and .Fl o are given, then no parity is used (the default). .It Fl s Ar speed | Fl Ar speed Set the speed of the connection. The default is 9600. .It Fl t Connect via a hard-wired connection to a host on a dial-up line. .El .Pp Typed characters are normally transmitted directly to the remote machine (which does the echoing as well). A tilde .Pq Ql ~ appearing as the first character of a line is an escape signal; the following are recognized: .Bl -tag -width indent .It Ic ~^D No or Ic ~. Drop the connection and exit. Only the connection is dropped \(en the login session is not terminated. .It Ic ~c Op Ar name Change directory to .Ar name (no argument implies change to home directory). .It Ic ~! Escape to a shell (exiting the shell will return to .Nm ) . .It Ic ~> Copy file from local to remote. The .Nm utility prompts for the name of a local file to transmit. .It Ic ~< Copy file from remote to local. The .Nm utility prompts first for the name of the file to be sent, then for a command to be executed on the remote machine. .It Ic ~p Ar from Op Ar to Send a file to a remote .Ux host. This command causes the remote .Ux system to run the following command string, sending it the .Ar from file: .Pp .Dl "stty -echo; cat > 'to'; stty echo" .Pp If the .Ar to file is not specified, the .Ar from file name is used. This command is actually a .Ux specific version of the .Ic ~> command. .It Ic ~t Ar from Op Ar to Take a file from a remote .Ux host. As in the .Ic ~p command, the .Ar to file defaults to the .Ar from file name if it is not specified. The remote host executes the following command string to send the file to .Nm : .Pp .Dl "cat 'from'; echo '' | tr '\e012' '\e01'" .It Ic ~| Pipe the output from a remote command to a local .Ux process. The command string sent to the local .Ux system is processed by the shell. .It Ic ~$ Pipe the output from a local .Ux process to the remote host. The command string sent to the local .Ux system is processed by the shell. .It Ic ~C Fork a child process on the local system to perform special protocols such as .Tn XMODEM . The child program will be run with the following arrangement of file descriptors: .Bd -literal -offset indent 0 <-> remote tty in 1 <-> remote tty out 2 <-> local tty stderr .Ed .It Ic ~# Send a .Dv BREAK to the remote system. For systems which do not support the necessary .Fn ioctl call, the break is simulated by a sequence of line speed changes and .Dv DEL characters. .It Ic ~s Set a variable (see the discussion below). .It Ic ~v List all variables and their values (if set). .It Ic ~^Z Stop .Nm (only available with job control). .It Ic ~^Y Stop only the .Dq "local side" of .Nm (only available with job control); the .Dq "remote side" of .Nm , the side that displays output from the remote host, is left running. .It Ic ~? Get a summary of the tilde escapes. .El .Pp When .Nm prompts for an argument, for example during setup of a file transfer, the line typed may be edited with the standard erase and kill characters. A null line in response to a prompt, or an interrupt, will abort the dialogue and return the user to the remote machine. .Pp The .Nm utility guards against multiple users connecting to a remote system by opening modems and terminal lines with exclusive access, and by honoring the locking protocol used by .Xr uucico 8 Pq Pa ports/net/freebsd-uucp . .Pp During file transfers .Nm provides a running count of the number of lines transferred. When using the .Ic ~> and .Ic ~< commands, the .Va eofread and .Va eofwrite variables are used to recognize end-of-file when reading, and specify end-of-file when writing (see below). File transfers normally depend on hardwareflow or tandem mode for flow control. If the remote system does not support hardwareflow or tandem mode, .Va echocheck may be set to indicate that .Nm should synchronize with the remote system on the echo of each transmitted character. .Pp When .Nm must dial a phone number to connect to a system, it will print various messages indicating its actions. The .Nm utility supports a variety of auto-call units and modems with the .Va at capability in system descriptions. .Pp Support for Ventel 212+ (ventel), Hayes AT-style (hayes), USRobotics Courier (courier), Telebit T3000 (t3000) and Racal-Vadic 831 (vadic) units is enabled by default. .Pp Support for Bizcomp 1031[fw] (biz31[fw]), Bizcomp 1022[fw] (biz22[fw]), DEC DF0[23]-AC (df0[23]), DEC DN-11 (dn11) and Racal-Vadic 3451 (v3451) units can be added by recompiling .Nm with the appropriate defines. .Pp Note that if support for both the Racal-Vadic 831 and 3451 is enabled, they are referred to as the v831 and v3451, respectively. If only one of the two is supported, it is referred to as vadic. .Ss Variables The .Nm utility maintains a set of variables which control its operation. Some of these variables are read-only to normal users (root is allowed to change anything of interest). Variables may be displayed and set through the .Ic ~s escape. The syntax for variables is patterned after .Xr vi 1 and .Xr Mail 1 . Supplying .Dq Li all as an argument to the set command displays all variables readable by the user. Alternatively, the user may request display of a particular variable by attaching a .Ql \&? to the end. For example, .Dq Li escape? displays the current escape character. .Pp Variables are numeric, string, character, or boolean values. Boolean variables are set merely by specifying their name; they may be reset by prepending a .Ql \&! to the name. Other variable types are set by concatenating an .Ql = and the value. The entire assignment must not have any blanks in it. A single set command may be used to interrogate as well as set a number of variables. Certain common variables have abbreviations. The following is a list of common variables, their abbreviations, and their default values: .Bl -tag -width indent .It Va baudrate .Pq Vt num The baud rate at which the connection was established; abbreviated .Va ba . .It Va beautify .Pq Vt bool Discard unprintable characters when a session is being scripted; abbreviated .Va be . .It Va dialtimeout .Pq Vt num When dialing a phone number, the time (in seconds) to wait for a connection to be established; abbreviated .Va dial . .It Va echocheck .Pq Vt bool Synchronize with the remote host during file transfer by waiting for the echo of the last character transmitted; default is .Cm off . .It Va eofread .Pq Vt str The set of characters which signify an end-of-transmission during a .Ic ~< file transfer command; abbreviated .Va eofr . .It Va eofwrite .Pq Vt str The string sent to indicate end-of-transmission during a .Ic ~> file transfer command; abbreviated .Va eofw . .It Va eol .Pq Vt str The set of characters which indicate an end-of-line. The .Nm utility will recognize escape characters only after an end-of-line. .It Va escape .Pq Vt char The command prefix (escape) character; abbreviated .Va es ; default value is .Ql ~ . .It Va exceptions .Pq Vt str The set of characters which should not be discarded due to the beautification switch; abbreviated .Va ex ; default value is .Dq Li \et\en\ef\eb . .It Va force .Pq Vt char The character used to force literal data transmission; abbreviated .Va fo ; default value is .Ql ^P . .It Va framesize .Pq Vt num The amount of data (in bytes) to buffer between file system writes when receiving files; abbreviated .Va fr . .It Va hardwareflow .Pq Vt bool Whether hardware flow control (CRTSCTS) is enabled for the connection; abbreviated .Va hf ; default value is .Cm off . .It Va host .Pq Vt str The name of the host to which you are connected; abbreviated .Va ho . .It Va linedisc .Pq Vt num The line discipline to use; abbreviated .Va ld . .It Va prompt .Pq Vt char The character which indicates an end-of-line on the remote host; abbreviated .Va pr ; default value is .Ql \en . This value is used to synchronize during data transfers. The count of lines transferred during a file transfer command is based on receipt of this character. .It Va raise .Pq Vt bool Upper case mapping mode; abbreviated .Va ra ; default value is .Cm off . When this mode is enabled, all lowercase letters will be mapped to uppercase by .Nm for transmission to the remote machine. .It Va raisechar .Pq Vt char The input character used to toggle uppercase mapping mode; abbreviated .Va rc ; not set by default. .It Va record .Pq Vt str The name of the file in which a session script is recorded; abbreviated .Va rec . .It Va script .Pq Vt bool Session scripting mode; abbreviated .Va sc ; default is .Cm off . When .Va script is .Cm true , .Nm will record everything transmitted by the remote machine in the script record file specified in .Va record . If the .Va beautify switch is on, only printable .Tn ASCII characters will be included in the script file (those characters between 040 and 0177). The variable .Va exceptions is used to indicate characters which are an exception to the normal beautification rules. .It Va tabexpand .Pq Vt bool Expand tabs to spaces during file transfers; abbreviated .Va tab ; default value is .Cm false . Each tab is expanded to 8 spaces. .It Va tandem .Pq Vt bool Use XON/XOFF flow control to throttle data from the remote host; abbreviated .Va ta . The default value is .Cm true . .It Va verbose .Pq Vt bool Verbose mode; abbreviated .Va verb ; default is .Cm true . When verbose mode is enabled, .Nm prints messages while dialing, shows the current number of lines transferred during a file transfer operations, and more. .El .Sh ENVIRONMENT .Bl -tag -width indent .It Ev HOME The home directory to use for the .Ic ~c command. .It Ev SHELL The name of the shell to use for the .Ic ~! command; default value is .Dq Li /bin/sh . .El .Sh FILES .Bl -tag -width ".Pa /var/spool/lock/LCK..*" -compact .It Pa /var/log/aculog line access log .It Pa /var/spool/lock/LCK..* lock file to avoid conflicts with .Xr uucp 1 Pq Pa ports/net/freebsd-uucp .El .Sh SEE ALSO .Xr tip 1 .Sh HISTORY The .Nm command appeared in .Bx 4.2 . .Sh BUGS The full set of variables is undocumented and should, probably, be pared down. Index: head/usr.sbin/bluetooth/hcseriald/hcseriald.8 =================================================================== --- head/usr.sbin/bluetooth/hcseriald/hcseriald.8 (revision 244039) +++ head/usr.sbin/bluetooth/hcseriald/hcseriald.8 (revision 244040) @@ -1,86 +1,86 @@ .\" Copyright (c) 2001-2002 Maksim Yevmenkin .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $Id: hcseriald.8,v 1.3 2003/05/21 00:47:26 max Exp $ .\" $FreeBSD$ .\" .Dd June 14, 2002 .Dt HCSERIALD 8 .Os .Sh NAME .Nm hcseriald .Nd supervise serial Bluetooth devices .Sh SYNOPSIS .Nm .Op Fl dh .Fl f Ar device .Fl n Ar node_name .Op Fl s Ar speed .Sh DESCRIPTION The .Nm utility handles serial Bluetooth devices. It does one simple thing: it opens the specified serial device, sets the device parameters, and pushes the .Dv H4 line discipline. .Pp The options are as follows: .Bl -tag -width indent .It Fl d Do not disassociate from the controlling terminal, i.e., run in foreground. .It Fl f Ar device Callout device name. Example: -.Fl f Pa /dev/cuad0 . +.Fl f Pa /dev/cuau0 . .It Fl h Display usage message and exit. .It Fl n Ar node_name Set H4 Netgraph node name. Example: .Fl n Li sio0 . .It Fl s Ar speed Set serial device speed to .Ar speed . Example: .Fl s Li 115200 . .El .Sh FILES .Bl -tag -width ".Pa /var/run/hcserial. Ns Ar * Ns Pa .pid" -compact .It Pa /var/run/hcserial. Ns Ar * Ns Pa .pid Process ID of the currently running .Nm daemon. Where .Ar * is an H4 Netgraph node name. .El .Sh SEE ALSO .Xr ng_h4 4 , .Xr ng_hci 4 , .Xr tty 4 , .Xr hccontrol 8 .Sh AUTHORS .An Maksim Yevmenkin Aq m_evmenkin@yahoo.com Index: head/usr.sbin/bluetooth/hcseriald/hcseriald.c =================================================================== --- head/usr.sbin/bluetooth/hcseriald/hcseriald.c (revision 244039) +++ head/usr.sbin/bluetooth/hcseriald/hcseriald.c (revision 244040) @@ -1,268 +1,268 @@ /* * hcseriald.c * * Copyright (c) 2001-2002 Maksim Yevmenkin * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $Id: hcseriald.c,v 1.3 2003/05/21 22:40:32 max Exp $ * $FreeBSD$ */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* Prototypes */ static int open_device (char const *, speed_t, char const *); static void sighandler (int); static void usage (); static char const * const hcseriald = "hcseriald"; static int done = 0; int main(int argc, char *argv[]) { char *device = NULL, *name = NULL; speed_t speed = 115200; int n, detach = 1; char p[FILENAME_MAX]; FILE *f = NULL; struct sigaction sa; /* Process command line arguments */ while ((n = getopt(argc, argv, "df:n:s:h")) != -1) { switch (n) { case 'd': detach = 0; break; case 'f': device = optarg; break; case 'n': name = optarg; break; case 's': speed = atoi(optarg); if (speed < 0) usage(argv[0]); break; case 'h': default: usage(argv[0]); break; } } if (device == NULL || name == NULL) usage(argv[0]); openlog(hcseriald, LOG_PID | LOG_NDELAY, LOG_USER); /* Open device */ n = open_device(device, speed, name); if (detach && daemon(0, 0) < 0) { syslog(LOG_ERR, "Could not daemon(0, 0). %s (%d)", strerror(errno), errno); exit(1); } /* Write PID file */ snprintf(p, sizeof(p), "/var/run/%s.%s.pid", hcseriald, name); f = fopen(p, "w"); if (f == NULL) { syslog(LOG_ERR, "Could not fopen(%s). %s (%d)", p, strerror(errno), errno); exit(1); } fprintf(f, "%d", getpid()); fclose(f); /* Install signal handler */ memset(&sa, 0, sizeof(sa)); sa.sa_handler = sighandler; if (sigaction(SIGTERM, &sa, NULL) < 0) { syslog(LOG_ERR, "Could not sigaction(SIGTERM). %s (%d)", strerror(errno), errno); exit(1); } if (sigaction(SIGHUP, &sa, NULL) < 0) { syslog(LOG_ERR, "Could not sigaction(SIGHUP). %s (%d)", strerror(errno), errno); exit(1); } if (sigaction(SIGINT, &sa, NULL) < 0) { syslog(LOG_ERR, "Could not sigaction(SIGINT). %s (%d)", strerror(errno), errno); exit(1); } /* Keep running */ while (!done) select(0, NULL, NULL, NULL, NULL); /* Remove PID file and close device */ unlink(p); close(n); closelog(); return (0); } /* main */ /* Open terminal, set settings, push H4 line discipline and set node name */ static int open_device(char const *device, speed_t speed, char const *name) { int fd, disc, cs, ds; struct termios t; struct nodeinfo ni; struct ngm_name n; char p[NG_NODESIZ]; /* Open terminal device and setup H4 line discipline */ fd = open(device, O_RDWR|O_NOCTTY); if (fd < 0) { syslog(LOG_ERR, "Could not open(%s). %s (%d)", device, strerror(errno), errno); exit(1); } tcflush(fd, TCIOFLUSH); if (tcgetattr(fd, &t) < 0) { syslog(LOG_ERR, "Could not tcgetattr(%s). %s (%d)", device, strerror(errno), errno); exit(1); } cfmakeraw(&t); t.c_cflag |= CLOCAL; /* clocal */ t.c_cflag &= ~CSIZE; /* cs8 */ t.c_cflag |= CS8; /* cs8 */ t.c_cflag &= ~PARENB; /* -parenb */ t.c_cflag &= ~CSTOPB; /* -cstopb */ t.c_cflag |= CRTSCTS; /* crtscts */ if (tcsetattr(fd, TCSANOW, &t) < 0) { syslog(LOG_ERR, "Could not tcsetattr(%s). %s (%d)", device, strerror(errno), errno); exit(1); } tcflush(fd, TCIOFLUSH); if (cfsetspeed(&t, speed) < 0) { syslog(LOG_ERR, "Could not cfsetspeed(%s). %s (%d)", device, strerror(errno), errno); exit(1); } if (tcsetattr(fd, TCSANOW, &t) < 0) { syslog(LOG_ERR, "Could not tcsetattr(%s). %s (%d)", device, strerror(errno), errno); exit(1); } disc = H4DISC; if (ioctl(fd, TIOCSETD, &disc) < 0) { syslog(LOG_ERR, "Could not ioctl(%s, TIOCSETD, %d). %s (%d)", device, disc, strerror(errno), errno); exit(1); } /* Get default name of the Netgraph node */ memset(&ni, 0, sizeof(ni)); if (ioctl(fd, NGIOCGINFO, &ni) < 0) { syslog(LOG_ERR, "Could not ioctl(%d, NGIOGINFO). %s (%d)", fd, strerror(errno), errno); exit(1); } /* Assign new name to the Netgraph node */ snprintf(p, sizeof(p), "%s:", ni.name); snprintf(n.name, sizeof(n.name), "%s", name); if (NgMkSockNode(NULL, &cs, &ds) < 0) { syslog(LOG_ERR, "Could not NgMkSockNode(). %s (%d)", strerror(errno), errno); exit(1); } if (NgSendMsg(cs, p, NGM_GENERIC_COOKIE, NGM_NAME, &n, sizeof(n)) < 0) { syslog(LOG_ERR, "Could not NgSendMsg(%d, %s, NGM_NAME, %s). " \ "%s (%d)", cs, p, n.name, strerror(errno), errno); exit(1); } close(cs); close(ds); return (fd); } /* open_device */ /* Signal handler */ static void sighandler(int s) { done = 1; } /* sighandler */ /* Usage */ static void usage(void) { fprintf(stderr, "Usage: %s -f device -n node_name [-s speed -d -h]\n" \ "Where:\n" \ - "\t-f device tty device name, ex. /dev/cuad1\n" \ + "\t-f device tty device name, ex. /dev/cuau1\n" \ "\t-n node_name set Netgraph node name to node_name\n" \ "\t-s speed set tty speed, ex. 115200\n" \ "\t-d run in foreground\n" \ "\t-h display this message\n", hcseriald); exit(255); } /* usage */ Index: head/usr.sbin/moused/moused.8 =================================================================== --- head/usr.sbin/moused/moused.8 (revision 244039) +++ head/usr.sbin/moused/moused.8 (revision 244040) @@ -1,854 +1,854 @@ .\" Copyright (c) 1996 .\" Mike Pritchard . All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by Mike Pritchard. .\" 4. Neither the name of the author nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd May 15, 2008 .Dt MOUSED 8 .Os .Sh NAME .Nm moused .Nd pass mouse data to the console driver .Sh SYNOPSIS .Nm .Op Fl DPRacdfs .Op Fl I Ar file .Op Fl F Ar rate .Op Fl r Ar resolution .Op Fl S Ar baudrate .Op Fl VH Op Fl U Ar distance Fl L Ar distance .Op Fl A Ar exp Ns Op , Ns Ar offset .Op Fl a Ar X Ns Op , Ns Ar Y .Op Fl C Ar threshold .Op Fl m Ar N=M .Op Fl w Ar N .Op Fl z Ar target .Op Fl t Ar mousetype .Op Fl l Ar level .Op Fl 3 Op Fl E Ar timeout .Op Fl T Ar distance Ns Op , Ns Ar time Ns Op , Ns Ar after .Fl p Ar port .Pp .Nm .Op Fl Pd .Fl p Ar port .Fl i Ar info .Sh DESCRIPTION The .Nm utility and the console driver work together to support mouse operation in the text console and user programs. They virtualize the mouse and provide user programs with mouse data in the standard format (see .Xr sysmouse 4 ) . .Pp The mouse daemon listens to the specified port for mouse data, interprets and then passes it via ioctls to the console driver. The mouse daemon reports translation movement, button press/release events and movement of the roller or the wheel if available. The roller/wheel movement is reported as .Dq Z axis movement. .Pp The console driver will display the mouse pointer on the screen and provide cut and paste functions if the mouse pointer is enabled in the virtual console via .Xr vidcontrol 1 . If .Xr sysmouse 4 is opened by the user program, the console driver also passes the mouse data to the device so that the user program will see it. .Pp If the mouse daemon receives the signal .Dv SIGHUP , it will reopen the mouse port and reinitialize itself. Useful if the mouse is attached/detached while the system is suspended. .Pp If the mouse daemon receives the signal .Dv SIGUSR1 , it will stop passing mouse events. Sending the signal .Dv SIGUSR1 again will resume passing mouse events. Useful if your typing on a laptop is interrupted by accidentally touching the mouse pad. .Pp The following options are available: .Bl -tag -width indent .It Fl 3 Emulate the third (middle) button for 2-button mice. It is emulated by pressing the left and right physical buttons simultaneously. .It Fl C Ar threshold Set double click speed as the maximum interval in msec between button clicks. Without this option, the default value of 500 msec will be assumed. This option will have effect only on the cut and paste operations in the text mode console. The user program which is reading mouse data via .Xr sysmouse 4 will not be affected. .It Fl D Lower DTR on the serial port. This option is valid only if .Ar mousesystems is selected as the protocol type. The DTR line may need to be dropped for a 3-button mouse to operate in the .Ar mousesystems mode. .It Fl E Ar timeout When the third button emulation is enabled (see above), the .Nm utility waits .Ar timeout msec at most before deciding whether two buttons are being pressed simultaneously. The default timeout is 100 msec. .It Fl F Ar rate Set the report rate (reports/sec) of the device if supported. .It Fl L Ar distance When .Dq Virtual Scrolling is enabled, the .Fl L option can be used to set the .Ar distance (in pixels) that the mouse must move before a scroll event is generated. This effectively controls the scrolling speed. The default .Ar distance is 2 pixels. .It Fl H Enable .Dq Horizontal Virtual Scrolling . With this option set, holding the middle mouse button down will cause motion to be interpreted as horizontal scrolling. Use the .Fl U option to set the distance the mouse must move before the scrolling mode is activated and the .Fl L option to set the scrolling speed. This option may be used with or without the .Fl V option. .It Fl I Ar file Write the process id of the .Nm utility in the specified file. Without this option, the process id will be stored in .Pa /var/run/moused.pid . .It Fl P Do not start the Plug and Play COM device enumeration procedure when identifying the serial mouse. If this option is given together with the .Fl i option, the .Nm utility will not be able to print useful information for the serial mouse. .It Fl R Lower RTS on the serial port. This option is valid only if .Ar mousesystems is selected as the protocol type by the .Fl t option below. It is often used with the .Fl D option above. Both RTS and DTR lines may need to be dropped for a 3-button mouse to operate in the .Ar mousesystems mode. .It Fl S Ar baudrate Select the baudrate for the serial port (1200 to 9600). Not all serial mice support this option. .It Fl T Ar distance Ns Op , Ns Ar time Ns Op , Ns Ar after Terminate drift. Use this option if mouse pointer slowly wanders when mouse is not moved. Movements up to .Ar distance (for example 4) pixels (X+Y) in .Ar time msec (default 500) are ignored, except during .Ar after msec (default 4000) since last real mouse movement. .It Fl V Enable .Dq Virtual Scrolling . With this option set, holding the middle mouse button down will cause motion to be interpreted as scrolling. Use the .Fl U option to set the distance the mouse must move before the scrolling mode is activated and the .Fl L option to set the scrolling speed. .It Fl U Ar distance When .Dq Virtual Scrolling is enabled, the .Fl U option can be used to set the .Ar distance (in pixels) that the mouse must move before the scrolling mode is activated. The default .Ar distance is 3 pixels. .It Fl A Ar exp Ns Op , Ns Ar offset Apply exponential (dynamic) acceleration to mouse movements: the faster you move the mouse, the more it will be accelerated. That means that small mouse movements are not accelerated, so they are still very accurate, while a faster movement will drive the pointer quickly across the screen. .Pp The .Ar exp value specifies the exponent, which is basically the amount of acceleration. Useful values are in the range 1.1 to 2.0, but it depends on your mouse hardware and your personal preference. A value of 1.0 means no exponential acceleration. A value of 2.0 means squared acceleration (i.e. if you move the mouse twice as fast, the pointer will move four times as fast on the screen). Values beyond 2.0 are possible but not recommended. A good value to start is probably 1.5. .Pp The optional .Ar offset value specifies the distance at which the acceleration begins. The default is 1.0, which means that the acceleration is applied to movements larger than one unit. If you specify a larger value, it takes more speed for the acceleration to kick in, i.e. the speed range for small and accurate movements is wider. Usually the default should be sufficient, but if you're not satisfied with the behaviour, try a value of 2.0. .Pp Note that the .Fl A option interacts badly with the X server's own acceleration, which doesn't work very well anyway. Therefore it is recommended to switch it off if necessary: .Dq xset m 1 . .It Fl a Ar X Ns Op , Ns Ar Y Accelerate or decelerate the mouse input. This is a linear acceleration only. Values less than 1.0 slow down movement, values greater than 1.0 speed it up. Specifying only one value sets the acceleration for both axes. .Pp You can use the .Fl a and .Fl A options at the same time to have the combined effect of linear and exponential acceleration. .It Fl c Some mice report middle button down events as if the left and right buttons are being pressed. This option handles this. .It Fl d Enable debugging messages. .It Fl f Do not become a daemon and instead run as a foreground process. Useful for testing and debugging. .It Fl i Ar info Print specified information and quit. Available pieces of information are: .Pp .Bl -tag -compact -width modelxxx .It Ar port Port (device file) name, i.e.\& -.Pa /dev/cuad0 , +.Pa /dev/cuau0 , .Pa /dev/mse0 and .Pa /dev/psm0 . .It Ar if Interface type: serial, bus, inport or ps/2. .It Ar type Protocol type. It is one of the types listed under the .Fl t option below or .Ar sysmouse if the driver supports the .Ar sysmouse data format standard. .It Ar model Mouse model. The .Nm utility may not always be able to identify the model. .It Ar all All of the above items. Print port, interface, type and model in this order in one line. .El .Pp If the .Nm utility cannot determine the requested information, it prints .Dq Li unknown or .Dq Li generic . .It Fl l Ar level Specifies at which level .Nm should operate the mouse driver. Refer to .Sx Operation Levels in .Xr psm 4 for more information on this. .It Fl m Ar N=M Assign the physical button .Ar M to the logical button .Ar N . You may specify as many instances of this option as you like. More than one physical button may be assigned to a logical button at the same time. In this case the logical button will be down, if either of the assigned physical buttons is held down. Do not put space around .Ql = . .It Fl p Ar port Use .Ar port to communicate with the mouse. .It Fl r Ar resolution Set the resolution of the device; in Dots Per Inch, or .Ar low , .Ar medium-low , .Ar medium-high or .Ar high . This option may not be supported by all the device. .It Fl s Select a baudrate of 9600 for the serial line. Not all serial mice support this option. .It Fl t Ar type Specify the protocol type of the mouse attached to the port. You may explicitly specify a type listed below, or use .Ar auto to let the .Nm utility automatically select an appropriate protocol for the given mouse. If you entirely omit this option in the command line, .Fl t Ar auto is assumed. Under normal circumstances, you need to use this option only if the .Nm utility is not able to detect the protocol automatically (see .Sx "Configuring Mouse Daemon" ) . .Pp Note that if a protocol type is specified with this option, the .Fl P option above is implied and Plug and Play COM device enumeration procedure will be disabled. .Pp Also note that if your mouse is attached to the PS/2 mouse port, you should always choose .Ar auto or .Ar ps/2 , regardless of the brand and model of the mouse. Likewise, if your mouse is attached to the bus mouse port, choose .Ar auto or .Ar busmouse . Serial mouse protocols will not work with these mice. .Pp For the USB mouse, the protocol must be .Ar auto . No other protocol will work with the USB mouse. .Pp Valid types for this option are listed below. .Pp For the serial mouse: .Bl -tag -compact -width mousesystemsxxx .It Ar microsoft Microsoft serial mouse protocol. Most 2-button serial mice use this protocol. .It Ar intellimouse Microsoft IntelliMouse protocol. Genius NetMouse, .Tn ASCII Mie Mouse, Logitech MouseMan+ and FirstMouse+ use this protocol too. Other mice with a roller/wheel may be compatible with this protocol. .It Ar mousesystems MouseSystems 5-byte protocol. 3-button mice may use this protocol. .It Ar mmseries MM Series mouse protocol. .It Ar logitech Logitech mouse protocol. Note that this is for old Logitech models. .Ar mouseman or .Ar intellimouse should be specified for newer models. .It Ar mouseman Logitech MouseMan and TrackMan protocol. Some 3-button mice may be compatible with this protocol. Note that MouseMan+ and FirstMouse+ use .Ar intellimouse protocol rather than this one. .It Ar glidepoint ALPS GlidePoint protocol. .It Ar thinkingmouse Kensington ThinkingMouse protocol. .It Ar mmhitab Hitachi tablet protocol. .It Ar x10mouseremote X10 MouseRemote. .It Ar kidspad Genius Kidspad and Easypad protocol. .It Ar versapad Interlink VersaPad protocol. .It Ar gtco_digipad GTCO Digipad protocol. .El .Pp For the bus and InPort mouse: .Bl -tag -compact -width mousesystemsxxx .It Ar busmouse This is the only protocol type available for the bus and InPort mouse and should be specified for any bus mice and InPort mice, regardless of the brand. .El .Pp For the PS/2 mouse: .Bl -tag -compact -width mousesystemsxxx .It Ar ps/2 This is the only protocol type available for the PS/2 mouse and should be specified for any PS/2 mice, regardless of the brand. .El .Pp For the USB mouse, .Ar auto is the only protocol type available for the USB mouse and should be specified for any USB mice, regardless of the brand. .It Fl w Ar N Make the physical button .Ar N act as the wheel mode button. While this button is pressed, X and Y axis movement is reported to be zero and the Y axis movement is mapped to Z axis. You may further map the Z axis movement to virtual buttons by the .Fl z option below. .It Fl z Ar target Map Z axis (roller/wheel) movement to another axis or to virtual buttons. Valid .Ar target maybe: .Bl -tag -compact -width x__ .It Ar x .It Ar y X or Y axis movement will be reported when the Z axis movement is detected. .It Ar N Report down events for the virtual buttons .Ar N and .Ar N+1 respectively when negative and positive Z axis movement is detected. There do not need to be physical buttons .Ar N and .Ar N+1 . Note that mapping to logical buttons is carried out after mapping from the Z axis movement to the virtual buttons is done. .It Ar N1 N2 Report down events for the virtual buttons .Ar N1 and .Ar N2 respectively when negative and positive Z axis movement is detected. .It Ar N1 N2 N3 N4 This is useful for the mouse with two wheels of which the second wheel is used to generate horizontal scroll action, and for the mouse which has a knob or a stick which can detect the horizontal force applied by the user. .Pp The motion of the second wheel will be mapped to the buttons .Ar N3 , for the negative direction, and .Ar N4 , for the positive direction. If the buttons .Ar N3 and .Ar N4 actually exist in this mouse, their actions will not be detected. .Pp Note that horizontal movement or second roller/wheel movement may not always be detected, because there appears to be no accepted standard as to how it is encoded. .Pp Note also that some mice think left is the negative horizontal direction; others may think otherwise. Moreover, there are some mice whose two wheels are both mounted vertically, and the direction of the second vertical wheel does not match the first one. .El .El .Ss Configuring Mouse Daemon The first thing you need to know is the interface type of the mouse you are going to use. It can be determined by looking at the connector of the mouse. The serial mouse has a D-Sub female 9- or 25-pin connector. The bus and InPort mice have either a D-Sub male 9-pin connector or a round DIN 9-pin connector. The PS/2 mouse is equipped with a small, round DIN 6-pin connector. Some mice come with adapters with which the connector can be converted to another. If you are to use such an adapter, remember the connector at the very end of the mouse/adapter pair is what matters. The USB mouse has a flat rectangular connector. .Pp The next thing to decide is a port to use for the given interface. For the bus, InPort and PS/2 mice, there is little choice: the bus and InPort mice always use .Pa /dev/mse0 , and the PS/2 mouse is always at .Pa /dev/psm0 . There may be more than one serial port to which the serial mouse can be attached. Many people often assign the first, built-in serial port -.Pa /dev/cuad0 +.Pa /dev/cuau0 to the mouse. You can attach multiple USB mice to your system or to your USB hub. They are accessible as .Pa /dev/ums0 , /dev/ums1 , and so on. .Pp You may want to create a symbolic link .Pa /dev/mouse pointing to the real port to which the mouse is connected, so that you can easily distinguish which is your .Dq mouse port later. .Pp The next step is to guess the appropriate protocol type for the mouse. The .Nm utility may be able to automatically determine the protocol type. Run the .Nm utility with the .Fl i option and see what it says. If the command can identify the protocol type, no further investigation is necessary on your part. You may start the daemon without explicitly specifying a protocol type (see .Sx EXAMPLES ) . .Pp The command may print .Ar sysmouse if the mouse driver supports this protocol type. .Pp Note that the .Dv type and .Dv model printed by the .Fl i option do not necessarily match the product name of the pointing device in question, but they may give the name of the device with which it is compatible. .Pp If the .Fl i option yields nothing, you need to specify a protocol type to the .Nm utility by the .Fl t option. You have to make a guess and try. There is rule of thumb: .Pp .Bl -enum -compact -width 1.X .It The bus and InPort mice always use .Ar busmouse protocol regardless of the brand of the mouse. .It The .Ar ps/2 protocol should always be specified for the PS/2 mouse regardless of the brand of the mouse. .It You must specify the .Ar auto protocol for the USB mouse. .It Most 2-button serial mice support the .Ar microsoft protocol. .It 3-button serial mice may work with the .Ar mousesystems protocol. If it does not, it may work with the .Ar microsoft protocol although the third (middle) button will not function. 3-button serial mice may also work with the .Ar mouseman protocol under which the third button may function as expected. .It 3-button serial mice may have a small switch to choose between .Dq MS and .Dq PC , or .Dq 2 and .Dq 3 . .Dq MS or .Dq 2 usually mean the .Ar microsoft protocol. .Dq PC or .Dq 3 will choose the .Ar mousesystems protocol. .It If the mouse has a roller or a wheel, it may be compatible with the .Ar intellimouse protocol. .El .Pp To test if the selected protocol type is correct for the given mouse, enable the mouse pointer in the current virtual console, .Pp .Dl "vidcontrol -m on" .Pp start the mouse daemon in the foreground mode, .Pp .Dl "moused -f -p -t " .Pp and see if the mouse pointer travels correctly according to the mouse movement. Then try cut & paste features by clicking the left, right and middle buttons. Type ^C to stop the command. .Ss Multiple Mice As many instances of the mouse daemon as the number of mice attached to the system may be run simultaneously; one instance for each mouse. This is useful if the user wants to use the built-in PS/2 pointing device of a laptop computer while on the road, but wants to use a serial mouse when s/he attaches the system to the docking station in the office. Run two mouse daemons and tell the application program (such as the .Tn "X\ Window System" ) to use .Xr sysmouse 4 , then the application program will always see mouse data from either mouse. When the serial mouse is not attached, the corresponding mouse daemon will not detect any movement or button state change and the application program will only see mouse data coming from the daemon for the PS/2 mouse. In contrast when both mice are attached and both of them are moved at the same time in this configuration, the mouse pointer will travel across the screen just as if movement of the mice is combined all together. .Sh FILES .Bl -tag -width /dev/consolectl -compact .It Pa /dev/consolectl device to control the console .It Pa /dev/mse%d bus and InPort mouse driver .It Pa /dev/psm%d PS/2 mouse driver .It Pa /dev/sysmouse virtualized mouse driver .It Pa /dev/ttyv%d virtual consoles .It Pa /dev/ums%d USB mouse driver .It Pa /var/run/moused.pid process id of the currently running .Nm utility .It Pa /var/run/MouseRemote UNIX-domain stream socket for X10 MouseRemote events .El .Sh EXAMPLES -.Dl "moused -p /dev/cuad0 -i type" +.Dl "moused -p /dev/cuau0 -i type" .Pp Let the .Nm utility determine the protocol type of the mouse at the serial port -.Pa /dev/cuad0 . +.Pa /dev/cuau0 . If successful, the command will print the type, otherwise it will say .Dq Li unknown . .Bd -literal -offset indent -moused -p /dev/cuad0 +moused -p /dev/cuau0 vidcontrol -m on .Ed .Pp If the .Nm utility is able to identify the protocol type of the mouse at the specified port automatically, you can start the daemon without the .Fl t option and enable the mouse pointer in the text console as above. .Bd -literal -offset indent moused -p /dev/mouse -t microsoft vidcontrol -m on .Ed .Pp Start the mouse daemon on the serial port .Pa /dev/mouse . The protocol type .Ar microsoft is explicitly specified by the .Fl t option. .Pp .Dl "moused -p /dev/mouse -m 1=3 -m 3=1" .Pp Assign the physical button 3 (right button) to the logical button 1 (logical left) and the physical button 1 (left) to the logical button 3 (logical right). This will effectively swap the left and right buttons. .Pp .Dl "moused -p /dev/mouse -t intellimouse -z 4" .Pp Report negative Z axis movement (i.e., mouse wheel) as the button 4 pressed and positive Z axis movement (i.e., mouse wheel) as the button 5 pressed. .Pp If you add .Pp .Dl "ALL ALL = NOPASSWD: /usr/bin/killall -USR1 moused" .Pp to your .Pa /usr/local/etc/sudoers file, and bind .Pp .Dl "killall -USR1 moused" .Pp to a key in your window manager, you can suspend mouse events on your laptop if you keep brushing over the mouse pad while typing. .Sh SEE ALSO .Xr kill 1 , .Xr vidcontrol 1 , .Xr xset 1 , .Xr keyboard 4 , .Xr mse 4 , .Xr psm 4 , .Xr screen 4 , .Xr sysmouse 4 , .Xr ums 4 .Sh STANDARDS The .Nm utility partially supports .Dq Plug and Play External COM Device Specification in order to support PnP serial mice. However, due to various degrees of conformance to the specification by existing serial mice, it does not strictly follow the version 1.0 of the standard. Even with this less strict approach, it may not always determine an appropriate protocol type for the given serial mouse. .Sh HISTORY The .Nm utility first appeared in .Fx 2.2 . .Sh AUTHORS .An -nosplit The .Nm utility was written by .An Michael Smith Aq msmith@FreeBSD.org . This manual page was written by .An Mike Pritchard Aq mpp@FreeBSD.org . The command and manual page have since been updated by .An Kazutaka Yokota Aq yokota@FreeBSD.org . .Sh CAVEATS Many pad devices behave as if the first (left) button were pressed if the user .Dq taps the surface of the pad. In contrast, some ALPS GlidePoint and Interlink VersaPad models treat the tapping action as fourth button events. Use the option .Dq Fl m Li 1=4 for these models to obtain the same effect as the other pad devices. .Pp Cut and paste functions in the virtual console assume that there are three buttons on the mouse. The logical button 1 (logical left) selects a region of text in the console and copies it to the cut buffer. The logical button 3 (logical right) extends the selected region. The logical button 2 (logical middle) pastes the selected text at the text cursor position. If the mouse has only two buttons, the middle, `paste' button is not available. To obtain the paste function, use the .Fl 3 option to emulate the middle button, or use the .Fl m option to assign the physical right button to the logical middle button: .Dq Fl m Li 2=3 . Index: head/usr.sbin/ppp/README.changes =================================================================== --- head/usr.sbin/ppp/README.changes (revision 244039) +++ head/usr.sbin/ppp/README.changes (revision 244040) @@ -1,140 +1,140 @@ Copyright (c) 2001 Brian Somers based on work by Eivind Eklund , All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. $FreeBSD$ This file summarises changes made to ppp that effect its configuration. It does not describe new features, rather it attempts to answer any `this used to work, why doesn't it now?' questions. o The `set debug' command was replaced with `set log'. o The `set log LCP' command was split into LCP, IPCP and CCP logs. o Syslogd is used for logging. /etc/syslog.conf must be updated. o LQR is disabled by default. o Openmode is active by default. o Users must be a member of group `network' for ppp access. Furthermore, they must be `allow'ed to run ppp via the `allow' command in the configuration file. For a brief period, ppp could only be run as root. o No diagnostic socket is created by default. The `set server' command must be used. o The diagnostic socket password must be specified *only* on the `set server' command line. o When `set server' is used to re-select a diagnostic port, all existing diagnostic connections are dropped. o pppd-deflate is now called deflate24. o Filter IPs of 0.0.0.0 have a default width of 0, not 32. o Errors in `add' and `delete' are logged as warnings rather than being written to the TCP/IP log. o Any number of diagnostic prompts are allowed, and they are allowed in interactive mode. -o The default `device' is cuad1, then cuad0 +o The default `device' is cuau1, then cuau0 o A password of "*" in ppp.secret causes a passwd database lookup in pap mode. o The value of the CONNECT environment variable is logged in the utmp host field in -direct mode. o Out-of-sequence FSM packets (IPCP/LCP/CCP) are dropped by default. o Reconnect values are used after an LQR timeout. o ^C works on the parent in -background mode. o The dial/call/open command works asynchronously. As a result, prompts do not lose control while dialing. o The `display' command has been removed. All information is available with the appropriate `show' command. o Msext does not need to be enabled/disabled. Setting the NBNS (set nbns) will auto enable it. The DNS side may be enabled/disabled, and if enabled without a `set dns' (was `set ns') will use values from /etc/resolv.conf. o Filters are now called `allow', `dial', `in' and `out'. `set ifilter ...' becomes `set filter in ...' etc. o Authname and Authkey may only be `set' in phase DEAD. o Set encrypt is no longer necessary. Ppp will respond to M$CHAP servers correctly if it's built with DES. o Throughput statistics are enabled by default. o `Set stopped' only has two parameters. It's no longer possible to have an IPCP stopped timer. o `Set timeout' only has one or two parameters. Use `set lqrperiod' and `set {lcp,ccp,ipcp,chap,pap}retry' for the other timers. These timeout values can be seen using the relevant show commands. o `set loopback' is now `enable/disable loopback'. o `show auto', `show loopback' and `show mtu' are all part of `show bundle'. o `show mru' is part of `show lcp' o `show msext' and `show vj' are part of `show ipcp' o `show reconnect' and `show redial' are part of `show link' o A signal 15 (TERM) will now shut down the link gracefully. o A signal 2 (HUP) will drop all links immediately. o Signal 30 (USR1) is now ignored. o Add & delete commands are not necessary in ppp.linkup if they are `sticky routes' (ie, contain MYADDR or HISADDR). o LINK and CARRIER logging are no longer available. o Timer based DEBUG messages are now logged in the new TIMER log. o Ppp can use tun devices > tun255. o Protocol-compressed packets are accepted even if they were denied at LCP negotiation time. o Passwords aren't logged when logging the ``set server'' line. o Command line options only need enough characters to uniquely identify them. -a == -auto, -dd == -ddial etc. -interactive is also allowed. o If you don't like seeing additional interface aliases when running in -auto -alias mode, add ``iface clear'' to your ppp.linkdown file - check the sample file. o Ppp waits for 1 second before checking whether the device supports carrier. This is controllable with ``set cd''. o Random dial timeouts are now between 1 and 30 seconds inclusive rather than between 0 and 29. o Ppp now accepts M$CHAP (as well as normal CHAP) by default. If this is not required, you must ``deny chap05 chap80''. o The ``set device'' command now expects each device to be specified as an argument rather than concatentating all arguments and splitting based on commas and spaces. o The ``show modem'' command is deprecated and has been changed to ``show physical''. o The words ``host'' and ``port'' are no longer accepted by the ``set filter'' command. Removing them should yield the same results as before. o The ``set weight'' command has been deprecated. The ``set bandwidth'' command should now be used instead. o The ``set autoload'' command syntax and implementation have changed as the old implementation was mis-designed and dysfunctional. o Ppp now waits either the full ``set cd'' time or until carrier is detected before running the login script (whichever comes first). o The -alias flag has been deprecated. The -nat flag should be used instead. o Unbalanced quotes in commands are now warned about and the entire command is ignored. o It is now only necessary to escape the `-' character in chat scripts twice. See the example files for details. o Environment variables and ~ are expanded on in commands o ``nat pptp'' is no longer necessary as this is now done transparently o The ``!'' at the start of chat scripts and authkey can be made literal (rather than meaning execute) by doubling it to ``!!''. o MP autoload throughput measurements are now based on the maximum of input and output averages rather than on the total. o When only one link is open in MP mode, MP link level compression is not open and the peer MRU >= the peer MRRU, ppp sends outbound traffic as PROTO_IP traffic rather than PROTO_MP. o MSCHAPv2 is now accepted by default. If you don't wish to negotiate this, you must explicitly deny it. o MPPE is enabled and accepted by default (although deflate and predictor1 are preferred. Index: head/usr.sbin/ppp/defs.h =================================================================== --- head/usr.sbin/ppp/defs.h (revision 244039) +++ head/usr.sbin/ppp/defs.h (revision 244040) @@ -1,142 +1,142 @@ /*- * Copyright (c) 1996 - 2001 Brian Somers * based on work by Toshiharu OHNO * Internet Initiative Japan, Inc (IIJ) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* Check the following definitions for your machine environment */ #ifdef __FreeBSD__ -# define MODEM_LIST "/dev/cuad1\0/dev/cuad0" /* name of tty device */ +# define MODEM_LIST "/dev/cuau1\0/dev/cuau0" /* name of tty device */ #else # ifdef __OpenBSD__ # define MODEM_LIST "/dev/cua01\0/dev/cua00" /* name of tty device */ # else # define MODEM_LIST "/dev/tty01\0/dev/tty00" /* name of tty device */ # endif #endif #define NMODEMS 2 #ifndef PPP_CONFDIR #define PPP_CONFDIR "/etc/ppp" #endif #define TUN_NAME "tun" #define TUN_PREFIX (_PATH_DEV TUN_NAME) /* /dev/tun */ #define MODEM_SPEED B38400 /* tty speed */ #define SERVER_PORT 3000 /* Base server port no. */ #define MODEM_CTSRTS 1 /* Default (true): use CTS/RTS signals */ #define RECONNECT_TIMEOUT 3 /* Default timer for carrier loss */ #define DIAL_TIMEOUT 30 /* Default and Max random time to redial */ #define DIAL_NEXT_TIMEOUT 3 /* Default Hold time to next number redial */ #define SCRIPT_LEN 512 /* Size of login/dial/hangup scripts */ #define LINE_LEN SCRIPT_LEN /* Size of lines */ #define DEVICE_LEN SCRIPT_LEN /* Size of individual devices */ #define AUTHLEN 100 /* Size of authname/authkey */ #define CHAPDIGESTLEN 100 /* Maximum chap digest */ #define CHAPCHALLENGELEN 48 /* Maximum chap challenge */ #define CHAPAUTHRESPONSELEN 48 /* Maximum chap authresponse (chap81) */ #define MAXARGS 40 /* How many args per config line */ #define NCP_IDLE_TIMEOUT 180 /* Drop all links */ #define CHOKED_TIMEOUT 120 /* Delete queued packets w/ blocked tun */ #define MIN_LQRPERIOD 1 /* Minimum LQR frequency */ #define DEF_LQRPERIOD 30 /* Default LQR frequency */ #define MIN_FSMRETRY 1 /* Minimum FSM retry frequency */ #define DEF_FSMRETRY 3 /* FSM retry frequency */ #define DEF_FSMTRIES 5 /* Default max retries */ #define DEF_FSMAUTHTRIES 3 /* Default max auth retries */ #define DEF_IFQUEUE 30 /* Default interface queue size */ #define CONFFILE "ppp.conf" #define LINKUPFILE "ppp.linkup" #define LINKDOWNFILE "ppp.linkdown" #define SECRETFILE "ppp.secret" #define EX_SIG -1 #define EX_NORMAL 0 #define EX_START 1 #define EX_SOCK 2 #define EX_MODEM 3 #define EX_DIAL 4 #define EX_DEAD 5 #define EX_DONE 6 #define EX_REBOOT 7 #define EX_ERRDEAD 8 #define EX_HANGUP 9 #define EX_TERM 10 #define EX_NODIAL 11 #define EX_NOLOGIN 12 /* return values for -background mode, not really exits */ #define EX_REDIAL 13 #define EX_RECONNECT 14 /* physical::type values (OR'd in bundle::phys_type) */ #define PHYS_NONE 0 #define PHYS_INTERACTIVE 1 /* Manual link */ #define PHYS_AUTO 2 /* Dial-on-demand link */ #define PHYS_DIRECT 4 /* Incoming link, deleted when closed */ #define PHYS_DEDICATED 8 /* Dedicated link */ #define PHYS_DDIAL 16 /* Dial immediately, stay connected */ #define PHYS_BACKGROUND 32 /* Dial immediately, deleted when closed */ #define PHYS_FOREGROUND 64 /* Pseudo mode, same as background */ #define PHYS_ALL 127 /* flags passed to findblank() and MakeArgs() */ #define PARSE_NORMAL 0 #define PARSE_REDUCE 1 #define PARSE_NOHASH 2 /* flags passed to loadmodules */ #define LOAD_QUIETLY 1 #define LOAD_VERBOSLY 2 #define ROUNDUP(x) ((x) ? (1 + (((x) - 1) | (sizeof(long) - 1))) : sizeof(long)) #if defined(__NetBSD__) || __FreeBSD__ < 3 extern void randinit(void); #else #define random arc4random #define randinit() #endif extern ssize_t fullread(int, void *, size_t); extern const char *mode2Nam(int); extern int Nam2mode(const char *); extern struct in_addr GetIpAddr(const char *); extern unsigned SpeedToUnsigned(speed_t); extern speed_t UnsignedToSpeed(unsigned); extern char *findblank(char *, int); extern int MakeArgs(char *, char **, int, int); extern const char *NumStr(long, char *, size_t); extern const char *HexStr(long, char *, size_t); extern const char *ex_desc(int); extern void SetTitle(const char *); extern fd_set *mkfdset(void); extern void zerofdset(fd_set *); extern void Concatinate(char *, size_t, int, const char *const *); extern int loadmodules(int, const char *, ...); Index: head/usr.sbin/ppp/ppp.8.m4 =================================================================== --- head/usr.sbin/ppp/ppp.8.m4 (revision 244039) +++ head/usr.sbin/ppp/ppp.8.m4 (revision 244040) @@ -1,6104 +1,6104 @@ changequote({,})dnl changecom(,)dnl .\" .\" Copyright (c) 2001 Brian Somers .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd August 25, 2009 .Dt PPP 8 .Os .Sh NAME .Nm ppp .Nd Point to Point Protocol (a.k.a. user-ppp) .Sh SYNOPSIS .Nm .Op Fl Va mode .Op Fl nat .Op Fl quiet .Op Fl unit Ns Ar N .Op Ar system ... .Sh DESCRIPTION This is a user process .Em PPP software package. Sometimes, .Em PPP is implemented as a part of the kernel (e.g., as managed by .Nm pppd ) and it is thus somewhat hard to debug and/or modify its behaviour. However, in this implementation .Em PPP is done as a user process with the help of the tunnel device driver (tun). .Pp The .Fl nat flag does the equivalent of a .Dq nat enable yes , enabling .Nm Ns No 's network address translation features. This allows .Nm to act as a NAT or masquerading engine for all machines on an internal LAN. ifdef({LOCALNAT},{},{Refer to .Xr libalias 3 for details on the technical side of the NAT engine. })dnl Refer to the .Sx NETWORK ADDRESS TRANSLATION (PACKET ALIASING) section of this manual page for details on how to configure NAT in .Nm . .Pp The .Fl quiet flag tells .Nm to be silent at startup rather than displaying the mode and interface to standard output. .Pp The .Fl unit flag tells .Nm to only attempt to open .Pa /dev/tun Ns Ar N . Normally, .Nm will start with a value of 0 for .Ar N , and keep trying to open a tunnel device by incrementing the value of .Ar N by one each time until it succeeds. If it fails three times in a row because the device file is missing, it gives up. .Pp The following .Va mode Ns No s are understood by .Nm : .Bl -tag -width XXX -offset XXX .It Fl auto .Nm opens the tun interface, configures it then goes into the background. The link is not brought up until outgoing data is detected on the tun interface at which point .Nm attempts to bring up the link. Packets received (including the first one) while .Nm is trying to bring the link up will remain queued for a default of 2 minutes. See the .Dq set choked command below. .Pp In .Fl auto mode, at least one .Dq system must be given on the command line (see below) and a .Dq set ifaddr must be done in the system profile that specifies a peer IP address to use when configuring the interface. Something like .Dq 10.0.0.1/0 is usually appropriate. See the .Dq pmdemand system in .Pa /usr/share/examples/ppp/ppp.conf.sample for an example. .It Fl background Here, .Nm attempts to establish a connection with the peer immediately. If it succeeds, .Nm goes into the background and the parent process returns an exit code of 0. If it fails, .Nm exits with a non-zero result. .It Fl foreground In foreground mode, .Nm attempts to establish a connection with the peer immediately, but never becomes a daemon. The link is created in background mode. This is useful if you wish to control .Nm Ns No 's invocation from another process. .It Fl direct This is used for communicating over an already established connection, usually when receiving incoming connections accepted by .Xr getty 8 . .Nm ignores the .Dq set device line and uses descriptor 0 as the link. .Nm will also ignore any configured chat scripts unless the .Dq force-scripts option has been enabled. .Pp If callback is configured, .Nm will use the .Dq set device information when dialing back. .Pp When run in .Fl direct mode, .Nm will behave slightly differently if descriptor 0 was created by .Xr pipe 2 . As pipes are not bi-directional, ppp will redirect all writes to descriptor 1 (standard output), leaving only reads acting on descriptor 0. No special action is taken if descriptor 0 was created by .Xr socketpair 2 . .It Fl dedicated This option is designed for machines connected with a dedicated wire. .Nm will always keep the device open and will ignore any configured chat scripts unless the .Dq force-scripts option has been enabled. .It Fl ddial This mode is equivalent to .Fl auto mode except that .Nm will bring the link back up any time it is dropped for any reason. .It Fl interactive This is a no-op, and gives the same behaviour as if none of the above modes have been specified. .Nm loads any sections specified on the command line then provides an interactive prompt. .El .Pp One or more configuration entries or systems (as specified in .Pa /etc/ppp/ppp.conf ) may also be specified on the command line. .Nm will read the .Dq default system from .Pa /etc/ppp/ppp.conf at startup, followed by each of the systems specified on the command line. .Sh Major Features .Bl -diag .It Provides an interactive user interface. Using its command mode, the user can easily enter commands to establish the connection with the remote end, check the status of connection and close the connection. All functions can also be optionally password protected for security. .It Supports both manual and automatic dialing. Interactive mode has a .Dq term command which enables you to talk to the device directly. When you are connected to the remote peer and it starts to talk .Em PPP , .Nm detects it and switches to packet mode automatically. Once you have determined the proper sequence for connecting with the remote host, you can write a chat script to {define} the necessary dialing and login procedure for later convenience. .It Supports on-demand dialup capability. By using .Fl auto mode, .Nm will act as a daemon and wait for a packet to be sent over the .Em PPP link. When this happens, the daemon automatically dials and establishes the connection. In almost the same manner .Fl ddial mode (direct-dial mode) also automatically dials and establishes the connection. However, it differs in that it will dial the remote site any time it detects the link is down, even if there are no packets to be sent. This mode is useful for full-time connections where we worry less about line charges and more about being connected full time. A third .Fl dedicated mode is also available. This mode is targeted at a dedicated link between two machines. .Nm will never voluntarily quit from dedicated mode - you must send it the .Dq quit all command via its diagnostic socket. A .Dv SIGHUP will force an LCP renegotiation, and a .Dv SIGTERM will force it to exit. .It Supports client callback. .Nm can use either the standard LCP callback protocol or the Microsoft CallBack Control Protocol (ftp://ftp.microsoft.com/developr/rfc/cbcp.txt). .It Supports NAT or packet aliasing. Packet aliasing (a.k.a.\& IP masquerading) allows computers on a private, unregistered network to access the Internet. The .Em PPP host acts as a masquerading gateway. IP addresses as well as TCP and UDP port numbers are NAT'd for outgoing packets and de-NAT'd for returning packets. .It Supports background PPP connections. In background mode, if .Nm successfully establishes the connection, it will become a daemon. Otherwise, it will exit with an error. This allows the setup of scripts that wish to execute certain commands only if the connection is successfully established. .It Supports server-side PPP connections. In direct mode, .Nm acts as server which accepts incoming .Em PPP connections on stdin/stdout. .It Supports PAP and CHAP (rfc 1994, 2433 and 2759) authentication. With PAP or CHAP, it is possible to skip the Unix style .Xr login 1 procedure, and use the .Em PPP protocol for authentication instead. If the peer requests Microsoft CHAP authentication and .Nm is compiled with DES support, an appropriate MD4/DES response will be made. .It Supports RADIUS (rfc 2138 & 2548) authentication. An extension to PAP and CHAP, .Em \&R Ns No emote .Em \&A Ns No ccess .Em \&D Ns No ial .Em \&I Ns No n .Em \&U Ns No ser .Em \&S Ns No ervice allows authentication information to be stored in a central or distributed database along with various per-user framed connection characteristics. ifdef({LOCALRAD},{},{If .Xr libradius 3 is available at compile time, .Nm will use it to make .Em RADIUS requests when configured to do so. })dnl .It Supports Proxy Arp. .Nm can be configured to make one or more proxy arp entries on behalf of the peer. This allows routing from the peer to the LAN without configuring each machine on that LAN. .It Supports packet filtering. User can {define} four kinds of filters: the .Em in filter for incoming packets, the .Em out filter for outgoing packets, the .Em dial filter to {define} a dialing trigger packet and the .Em alive filter for keeping a connection alive with the trigger packet. .It Tunnel driver supports bpf. The user can use .Xr tcpdump 1 to check the packet flow over the .Em PPP link. .It Supports PPP over TCP and PPP over UDP. If a device name is specified as .Em host Ns No : Ns Em port Ns .Xo .Op / Ns tcp|udp , .Xc .Nm will open a TCP or UDP connection for transporting data rather than using a conventional serial device. UDP connections force .Nm into synchronous mode. .It Supports PPP over Ethernet (rfc 2516). If .Nm is given a device specification of the format .No PPPoE: Ns Ar iface Ns Xo .Op \&: Ns Ar provider Ns .Xc and if .Xr netgraph 4 is available, .Nm will attempt talk .Em PPP over Ethernet to .Ar provider using the .Ar iface network interface. .Pp On systems that do not support .Xr netgraph 4 , an external program such as .Xr pppoed 8 may be used. .It "Supports IETF draft Predictor-1 (rfc 1978) and DEFLATE (rfc 1979) compression." .Nm supports not only VJ-compression but also Predictor-1 and DEFLATE compression. Normally, a modem has built-in compression (e.g., v42.bis) and the system may receive higher data rates from it as a result of such compression. While this is generally a good thing in most other situations, this higher speed data imposes a penalty on the system by increasing the number of serial interrupts the system has to process in talking to the modem and also increases latency. Unlike VJ-compression, Predictor-1 and DEFLATE compression pre-compresses .Em all network traffic flowing through the link, thus reducing overheads to a minimum. .It Supports Microsoft's IPCP extensions (rfc 1877). Name Server Addresses and NetBIOS Name Server Addresses can be negotiated with clients using the Microsoft .Em PPP stack (i.e., Win95, WinNT) .It Supports Multi-link PPP (rfc 1990) It is possible to configure .Nm to open more than one physical connection to the peer, combining the bandwidth of all links for better throughput. .It Supports MPPE (draft-ietf-pppext-mppe) MPPE is Microsoft Point to Point Encryption scheme. It is possible to configure .Nm to participate in Microsoft's Windows VPN. For now, .Nm can only get encryption keys from CHAP 81 authentication. .Nm must be compiled with DES for MPPE to operate. .It Supports IPV6CP (rfc 2023). An IPv6 connection can be made in addition to or instead of the normal IPv4 connection. .El .Sh PERMISSIONS .Nm is installed as user .Dv root and group .Dv network , with permissions .Dv 04554 . By default, .Nm will not run if the invoking user id is not zero. This may be overridden by using the .Dq allow users command in .Pa /etc/ppp/ppp.conf . When running as a normal user, .Nm switches to user id 0 in order to alter the system routing table, set up system lock files and read the ppp configuration files. All external commands (executed via the "shell" or "!bg" commands) are executed as the user id that invoked .Nm . Refer to the .Sq ID0 logging facility if you are interested in what exactly is done as user id zero. .Sh GETTING STARTED When you first run .Nm you may need to deal with some initial configuration details. .Bl -bullet .It Make sure that your system has a group named .Dq network in the .Pa /etc/group file and that the group contains the names of all users expected to use .Nm . Refer to the .Xr group 5 manual page for details. Each of these users must also be given access using the .Dq allow users command in .Pa /etc/ppp/ppp.conf . .It Create a log file. .Nm uses .Xr syslog 3 to log information. A common log file name is .Pa /var/log/ppp.log . To make output go to this file, put the following lines in the .Pa /etc/syslog.conf file: .Bd -literal -offset indent !ppp *.*/var/log/ppp.log .Ed .Pp It is possible to have more than one .Em PPP log file by creating a link to the .Nm executable: .Pp .Dl # cd /usr/sbin .Dl # ln ppp ppp0 .Pp and using .Bd -literal -offset indent !ppp0 *.*/var/log/ppp0.log .Ed .Pp in .Pa /etc/syslog.conf . Do not forget to send a .Dv HUP signal to .Xr syslogd 8 after altering .Pa /etc/syslog.conf . .It Although not strictly relevant to .Nm Ns No 's operation, you should configure your resolver so that it works correctly. This can be done by configuring a local DNS (using .Xr named 8 ) or by adding the correct .Sq nameserver lines to the file .Pa /etc/resolv.conf . Refer to the .Xr resolv.conf 5 manual page for details. .Pp Alternatively, if the peer supports it, .Nm can be configured to ask the peer for the nameserver address(es) and to update .Pa /etc/resolv.conf automatically. Refer to the .Dq enable dns and .Dq resolv commands below for details. .El .Sh MANUAL DIALING In the following examples, we assume that your machine name is .Dv awfulhak . when you invoke .Nm (see .Sx PERMISSIONS above) with no arguments, you are presented with a prompt: .Bd -literal -offset indent ppp ON awfulhak> .Ed .Pp The .Sq ON part of your prompt should always be in upper case. If it is in lower case, it means that you must supply a password using the .Dq passwd command. This only ever happens if you connect to a running version of .Nm and have not authenticated yourself using the correct password. .Pp You can start by specifying the device name and speed: .Bd -literal -offset indent -ppp ON awfulhak> set device /dev/cuad0 +ppp ON awfulhak> set device /dev/cuau0 ppp ON awfulhak> set speed 38400 .Ed .Pp Normally, hardware flow control (CTS/RTS) is used. However, under certain circumstances (as may happen when you are connected directly to certain PPP-capable terminal servers), this may result in .Nm hanging as soon as it tries to write data to your communications link as it is waiting for the CTS (clear to send) signal - which will never come. Thus, if you have a direct line and cannot seem to make a connection, try turning CTS/RTS off with .Dq set ctsrts off . If you need to do this, check the .Dq set accmap description below too - you will probably need to .Dq set accmap 000a0000 . .Pp Usually, parity is set to .Dq none , and this is .Nm Ns No 's default. Parity is a rather archaic error checking mechanism that is no longer used because modern modems do their own error checking, and most link-layer protocols (that is what .Nm is) use much more reliable checking mechanisms. Parity has a relatively huge overhead (a 12.5% increase in traffic) and as a result, it is always disabled (set to .Dq none ) when .Dv PPP is opened. However, some ISPs (Internet Service Providers) may use specific parity settings at connection time (before .Dv PPP is opened). Notably, Compuserve insist on even parity when logging in: .Bd -literal -offset indent ppp ON awfulhak> set parity even .Ed .Pp You can now see what your current device settings look like: .Bd -literal -offset indent ppp ON awfulhak> show physical Name: deflink State: closed Device: N/A Link Type: interactive Connect Count: 0 Queued Packets: 0 Phone Number: N/A Defaults: - Device List: /dev/cuad0 + Device List: /dev/cuau0 Characteristics: 38400bps, cs8, even parity, CTS/RTS on Connect time: 0 secs 0 octets in, 0 octets out Overall 0 bytes/sec ppp ON awfulhak> .Ed .Pp The term command can now be used to talk directly to the device: .Bd -literal -offset indent ppp ON awfulhak> term at OK atdt123456 CONNECT login: myispusername Password: myisppassword Protocol: ppp .Ed .Pp When the peer starts to talk in .Em PPP , .Nm detects this automatically and returns to command mode. .Bd -literal -offset indent ppp ON awfulhak> # No link has been established Ppp ON awfulhak> # We've connected & finished LCP PPp ON awfulhak> # We've authenticated PPP ON awfulhak> # We've agreed IP numbers .Ed .Pp If it does not, it is probable that the peer is waiting for your end to start negotiating. To force .Nm to start sending .Em PPP configuration packets to the peer, use the .Dq ~p command to drop out of terminal mode and enter packet mode. .Pp If you never even receive a login prompt, it is quite likely that the peer wants to use PAP or CHAP authentication instead of using Unix-style login/password authentication. To set things up properly, drop back to the prompt and set your authentication name and key, then reconnect: .Bd -literal -offset indent ~. ppp ON awfulhak> set authname myispusername ppp ON awfulhak> set authkey myisppassword ppp ON awfulhak> term at OK atdt123456 CONNECT .Ed .Pp You may need to tell ppp to initiate negotiations with the peer here too: .Bd -literal -offset indent ~p ppp ON awfulhak> # No link has been established Ppp ON awfulhak> # We've connected & finished LCP PPp ON awfulhak> # We've authenticated PPP ON awfulhak> # We've agreed IP numbers .Ed .Pp You are now connected! Note that .Sq PPP in the prompt has changed to capital letters to indicate that you have a peer connection. If only some of the three Ps go uppercase, wait until either everything is uppercase or lowercase. If they revert to lowercase, it means that .Nm could not successfully negotiate with the peer. A good first step for troubleshooting at this point would be to .Bd -literal -offset indent ppp ON awfulhak> set log local phase lcp ipcp .Ed .Pp and try again. Refer to the .Dq set log command description below for further details. If things fail at this point, it is quite important that you turn logging on and try again. It is also important that you note any prompt changes and report them to anyone trying to help you. .Pp When the link is established, the show command can be used to see how things are going: .Bd -literal -offset indent PPP ON awfulhak> show physical * Modem related information is shown here * PPP ON awfulhak> show ccp * CCP (compression) related information is shown here * PPP ON awfulhak> show lcp * LCP (line control) related information is shown here * PPP ON awfulhak> show ipcp * IPCP (IP) related information is shown here * PPP ON awfulhak> show ipv6cp * IPV6CP (IPv6) related information is shown here * PPP ON awfulhak> show link * Link (high level) related information is shown here * PPP ON awfulhak> show bundle * Logical (high level) connection related information is shown here * .Ed .Pp At this point, your machine has a host route to the peer. This means that you can only make a connection with the host on the other side of the link. If you want to add a default route entry (telling your machine to send all packets without another routing entry to the other side of the .Em PPP link), enter the following command: .Bd -literal -offset indent PPP ON awfulhak> add default HISADDR .Ed .Pp The string .Sq HISADDR represents the IP address of the connected peer. If the .Dq add command fails due to an existing route, you can overwrite the existing route using: .Bd -literal -offset indent PPP ON awfulhak> add! default HISADDR .Ed .Pp This command can also be executed before actually making the connection. If a new IP address is negotiated at connection time, .Nm will update your default route accordingly. .Pp You can now use your network applications (ping, telnet, ftp, etc.) in other windows or terminals on your machine. If you wish to reuse the current terminal, you can put .Nm into the background using your standard shell suspend and background commands (usually .Dq ^Z followed by .Dq bg ) . .Pp Refer to the .Sx PPP COMMAND LIST section for details on all available commands. .Sh AUTOMATIC DIALING To use automatic dialing, you must prepare some Dial and Login chat scripts. See the example definitions in .Pa /usr/share/examples/ppp/ppp.conf.sample (the format of .Pa /etc/ppp/ppp.conf is pretty simple). Each line contains one comment, inclusion, label or command: .Bl -bullet .It A line starting with a .Pq Dq # character is treated as a comment line. Leading whitespace are ignored when identifying comment lines. .It An inclusion is a line beginning with the word .Sq {!include} . It must have one argument - the file to {include}. You may wish to .Dq {!include} ~/.ppp.conf for compatibility with older versions of .Nm . .It A label name starts in the first column and is followed by a colon .Pq Dq \&: . .It A command line must contain a space or tab in the first column. .It A string starting with the .Dq $ character is substituted with the value of the environment variable by the same name. Likewise, a string starting with the .Dq ~ character is substituted with the full path to the home directory of the user account by the same name, and the .Dq ~ character by itself is substituted with the full path to the home directory of the current user. If you want to include a literal .Dq $ or .Dq ~ character in a command or argument, enclose them in double quotes, e.g., .Bd -literal -offset indent set password "pa$ss~word" .Ed .El .Pp The .Pa /etc/ppp/ppp.conf file should consist of at least a .Dq default section. This section is always executed. It should also contain one or more sections, named according to their purpose, for example, .Dq MyISP would represent your ISP, and .Dq ppp-in would represent an incoming .Nm configuration. You can now specify the destination label name when you invoke .Nm . Commands associated with the .Dq default label are executed, followed by those associated with the destination label provided. When .Nm is started with no arguments, the .Dq default section is still executed. The load command can be used to manually load a section from the .Pa /etc/ppp/ppp.conf file: .Bd -literal -offset indent ppp ON awfulhak> load MyISP .Ed .Pp Note, no action is taken by .Nm after a section is loaded, whether it is the result of passing a label on the command line or using the .Dq load command. Only the commands specified for that label in the configuration file are executed. However, when invoking .Nm with the .Fl background , .Fl ddial , or .Fl dedicated switches, the link mode tells .Nm to establish a connection. Refer to the .Dq set mode command below for further details. .Pp Once the connection is made, the .Sq ppp portion of the prompt will change to .Sq PPP : .Bd -literal -offset indent # ppp MyISP \&... ppp ON awfulhak> dial Ppp ON awfulhak> PPp ON awfulhak> PPP ON awfulhak> .Ed .Pp The Ppp prompt indicates that .Nm has entered the authentication phase. The PPp prompt indicates that .Nm has entered the network phase. The PPP prompt indicates that .Nm has successfully negotiated a network layer protocol and is in a usable state. .Pp If the .Pa /etc/ppp/ppp.linkup file is available, its contents are executed when the .Em PPP connection is established. See the provided .Dq pmdemand example in .Pa /usr/share/examples/ppp/ppp.conf.sample which runs a script in the background after the connection is established (refer to the .Dq shell and .Dq bg commands below for a description of possible substitution strings). Similarly, when a connection is closed, the contents of the .Pa /etc/ppp/ppp.linkdown file are executed. Both of these files have the same format as .Pa /etc/ppp/ppp.conf . .Pp In previous versions of .Nm , it was necessary to re-add routes such as the default route in the .Pa ppp.linkup file. .Nm supports .Sq sticky routes , where all routes that contain the .Dv HISADDR , .Dv MYADDR , .Dv HISADDR6 or .Dv MYADDR6 literals will automatically be updated when the values of these variables change. .Sh BACKGROUND DIALING If you want to establish a connection using .Nm non-interactively (such as from a .Xr crontab 5 entry or an .Xr at 1 job) you should use the .Fl background option. When .Fl background is specified, .Nm attempts to establish the connection immediately. If multiple phone numbers are specified, each phone number will be tried once. If the attempt fails, .Nm exits immediately with a non-zero exit code. If it succeeds, then .Nm becomes a daemon, and returns an exit status of zero to its caller. The daemon exits automatically if the connection is dropped by the remote system, or it receives a .Dv TERM signal. .Sh DIAL ON DEMAND Demand dialing is enabled with the .Fl auto or .Fl ddial options. You must also specify the destination label in .Pa /etc/ppp/ppp.conf to use. It must contain the .Dq set ifaddr command to {define} the remote peers IP address. (refer to .Pa /usr/share/examples/ppp/ppp.conf.sample ) .Bd -literal -offset indent # ppp -auto pmdemand .Ed .Pp When .Fl auto or .Fl ddial is specified, .Nm runs as a daemon but you can still configure or examine its configuration by using the .Dq set server command in .Pa /etc/ppp/ppp.conf , (for example, .Dq Li "set server +3000 mypasswd" ) and connecting to the diagnostic port as follows: .Bd -literal -offset indent # pppctl 3000 (assuming tun0) Password: PPP ON awfulhak> show who tcp (127.0.0.1:1028) * .Ed .Pp The .Dq show who command lists users that are currently connected to .Nm itself. If the diagnostic socket is closed or changed to a different socket, all connections are immediately dropped. .Pp In .Fl auto mode, when an outgoing packet is detected, .Nm will perform the dialing action (chat script) and try to connect with the peer. In .Fl ddial mode, the dialing action is performed any time the line is found to be down. If the connect fails, the default behaviour is to wait 30 seconds and then attempt to connect when another outgoing packet is detected. This behaviour can be changed using the .Dq set redial command: .Pp .No set redial Ar secs Ns .Oo + Ns Ar inc Ns .Oo - Ns Ar max Ns Oc Oc Ns .Op . Ns Ar next .Op Ar attempts .Pp .Bl -tag -width attempts -compact .It Ar secs is the number of seconds to wait before attempting to connect again. If the argument is the literal string .Sq Li random , the delay period is a random value between 1 and 30 seconds inclusive. .It Ar inc is the number of seconds that .Ar secs should be incremented each time a new dial attempt is made. The timeout reverts to .Ar secs only after a successful connection is established. The default value for .Ar inc is zero. .It Ar max is the maximum number of times .Nm should increment .Ar secs . The default value for .Ar max is 10. .It Ar next is the number of seconds to wait before attempting to dial the next number in a list of numbers (see the .Dq set phone command). The default is 3 seconds. Again, if the argument is the literal string .Sq Li random , the delay period is a random value between 1 and 30 seconds. .It Ar attempts is the maximum number of times to try to connect for each outgoing packet that triggers a dial. The previous value is unchanged if this parameter is omitted. If a value of zero is specified for .Ar attempts , .Nm will keep trying until a connection is made. .El .Pp So, for example: .Bd -literal -offset indent set redial 10.3 4 .Ed .Pp will attempt to connect 4 times for each outgoing packet that causes a dial attempt with a 3 second delay between each number and a 10 second delay after all numbers have been tried. If multiple phone numbers are specified, the total number of attempts is still 4 (it does not attempt each number 4 times). .Pp Alternatively, .Bd -literal -offset indent set redial 10+10-5.3 20 .Ed .Pp tells .Nm to attempt to connect 20 times. After the first attempt, .Nm pauses for 10 seconds. After the next attempt it pauses for 20 seconds and so on until after the sixth attempt it pauses for 1 minute. The next 14 pauses will also have a duration of one minute. If .Nm connects, disconnects and fails to connect again, the timeout starts again at 10 seconds. .Pp Modifying the dial delay is very useful when running .Nm in .Fl auto mode on both ends of the link. If each end has the same timeout, both ends wind up calling each other at the same time if the link drops and both ends have packets queued. At some locations, the serial link may not be reliable, and carrier may be lost at inappropriate times. It is possible to have .Nm redial should carrier be unexpectedly lost during a session. .Bd -literal -offset indent set reconnect timeout ntries .Ed .Pp This command tells .Nm to re-establish the connection .Ar ntries times on loss of carrier with a pause of .Ar timeout seconds before each try. For example, .Bd -literal -offset indent set reconnect 3 5 .Ed .Pp tells .Nm that on an unexpected loss of carrier, it should wait .Ar 3 seconds before attempting to reconnect. This may happen up to .Ar 5 times before .Nm gives up. The default value of ntries is zero (no reconnect). Care should be taken with this option. If the local timeout is slightly longer than the remote timeout, the reconnect feature will always be triggered (up to the given number of times) after the remote side times out and hangs up. NOTE: In this context, losing too many LQRs constitutes a loss of carrier and will trigger a reconnect. If the .Fl background flag is specified, all phone numbers are dialed at most once until a connection is made. The next number redial period specified with the .Dq set redial command is honoured, as is the reconnect tries value. If your redial value is less than the number of phone numbers specified, not all the specified numbers will be tried. To terminate the program, type .Bd -literal -offset indent PPP ON awfulhak> close ppp ON awfulhak> quit all .Ed .Pp A simple .Dq quit command will terminate the .Xr pppctl 8 or .Xr telnet 1 connection but not the .Nm program itself. You must use .Dq quit all to terminate .Nm as well. .Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1) To handle an incoming .Em PPP connection request, follow these steps: .Bl -enum .It Make sure the modem and (optionally) .Pa /etc/rc.serial is configured correctly. .Bl -bullet -compact .It Use Hardware Handshake (CTS/RTS) for flow control. .It Modem should be set to NO echo back (ATE0) and NO results string (ATQ1). .El .Pp .It Edit .Pa /etc/ttys to enable a .Xr getty 8 on the port where the modem is attached. For example: .Pp .Dl ttyd1 Qo /usr/libexec/getty std.38400 Qc dialup on secure .Pp Do not forget to send a .Dv HUP signal to the .Xr init 8 process to start the .Xr getty 8 : .Pp .Dl # kill -HUP 1 .Pp It is usually also necessary to train your modem to the same DTR speed as the getty: .Bd -literal -offset indent # ppp -ppp ON awfulhak> set device /dev/cuad1 +ppp ON awfulhak> set device /dev/cuau1 ppp ON awfulhak> set speed 38400 ppp ON awfulhak> term -deflink: Entering terminal mode on /dev/cuad1 +deflink: Entering terminal mode on /dev/cuau1 Type `~?' for help at OK at OK atz OK at OK ~. ppp ON awfulhak> quit .Ed .It Create a .Pa /usr/local/bin/ppplogin file with the following contents: .Bd -literal -offset indent #! /bin/sh exec /usr/sbin/ppp -direct incoming .Ed .Pp Direct mode .Pq Fl direct lets .Nm work with stdin and stdout. You can also use .Xr pppctl 8 to connect to a configured diagnostic port, in the same manner as with client-side .Nm . .Pp Here, the .Ar incoming section must be set up in .Pa /etc/ppp/ppp.conf . .Pp Make sure that the .Ar incoming section contains the .Dq allow users command as appropriate. .It Prepare an account for the incoming user. .Bd -literal ppp:xxxx:66:66:PPP Login User:/home/ppp:/usr/local/bin/ppplogin .Ed .Pp Refer to the manual entries for .Xr adduser 8 and .Xr vipw 8 for details. .It Support for IPCP Domain Name Server and NetBIOS Name Server negotiation can be enabled using the .Dq accept dns and .Dq set nbns commands. Refer to their descriptions below. .El .Sh RECEIVING INCOMING PPP CONNECTIONS (Method 2) This method differs in that we use .Nm to authenticate the connection rather than .Xr login 1 : .Bl -enum .It Configure your default section in .Pa /etc/gettytab with automatic ppp recognition by specifying the .Dq pp capability: .Bd -literal default:\\ :pp=/usr/local/bin/ppplogin:\\ ..... .Ed .It Configure your serial device(s), enable a .Xr getty 8 and create .Pa /usr/local/bin/ppplogin as in the first three steps for method 1 above. .It Add either .Dq enable chap or .Dq enable pap (or both) to .Pa /etc/ppp/ppp.conf under the .Sq incoming label (or whatever label .Pa ppplogin uses). .It Create an entry in .Pa /etc/ppp/ppp.secret for each incoming user: .Bd -literal Pfredxxxx Pgeorgeyyyy .Ed .El .Pp Now, as soon as .Xr getty 8 detects a ppp connection (by recognising the HDLC frame headers), it runs .Dq /usr/local/bin/ppplogin . .Pp It is .Em VITAL that either PAP or CHAP are enabled as above. If they are not, you are allowing anybody to establish a ppp session with your machine .Em without a password, opening yourself up to all sorts of potential attacks. .Sh AUTHENTICATING INCOMING CONNECTIONS Normally, the receiver of a connection requires that the peer authenticates itself. This may be done using .Xr login 1 , but alternatively, you can use PAP or CHAP. CHAP is the more secure of the two, but some clients may not support it. Once you decide which you wish to use, add the command .Sq enable chap or .Sq enable pap to the relevant section of .Pa ppp.conf . .Pp You must then configure the .Pa /etc/ppp/ppp.secret file. This file contains one line per possible client, each line containing up to five fields: .Pp .Ar name Ar key Oo .Ar hisaddr Op Ar label Op Ar callback-number .Oc .Pp The .Ar name and .Ar key specify the client username and password. If .Ar key is .Dq \&* and PAP is being used, .Nm will look up the password database .Pq Xr passwd 5 when authenticating. If the client does not offer a suitable response based on any .Ar name Ns No / Ns Ar key combination in .Pa ppp.secret , authentication fails. .Pp If authentication is successful, .Ar hisaddr (if specified) is used when negotiating IP numbers. See the .Dq set ifaddr command for details. .Pp If authentication is successful and .Ar label is specified, the current system label is changed to match the given .Ar label . This will change the subsequent parsing of the .Pa ppp.linkup and .Pa ppp.linkdown files. .Pp If authentication is successful and .Ar callback-number is specified and .Dq set callback has been used in .Pa ppp.conf , the client will be called back on the given number. If CBCP is being used, .Ar callback-number may also contain a list of numbers or a .Dq \&* , as if passed to the .Dq set cbcp command. The value will be used in .Nm Ns No 's subsequent CBCP phase. .Sh PPP OVER TCP and UDP (a.k.a Tunnelling) Instead of running .Nm over a serial link, it is possible to use a TCP connection instead by specifying the host, port and protocol as the device: .Pp .Dl set device ui-gate:6669/tcp .Pp Instead of opening a serial device, .Nm will open a TCP connection to the given machine on the given socket. It should be noted however that .Nm does not use the telnet protocol and will be unable to negotiate with a telnet server. You should set up a port for receiving this .Em PPP connection on the receiving machine (ui-gate). This is done by first updating .Pa /etc/services to name the service: .Pp .Dl ppp-in 6669/tcp # Incoming PPP connections over TCP .Pp and updating .Pa /etc/inetd.conf to tell .Xr inetd 8 how to deal with incoming connections on that port: .Pp .Dl ppp-in stream tcp nowait root /usr/sbin/ppp ppp -direct ppp-in .Pp Do not forget to send a .Dv HUP signal to .Xr inetd 8 after you have updated .Pa /etc/inetd.conf . Here, we use a label named .Dq ppp-in . The entry in .Pa /etc/ppp/ppp.conf on ui-gate (the receiver) should contain the following: .Bd -literal -offset indent ppp-in: set timeout 0 set ifaddr 10.0.4.1 10.0.4.2 .Ed .Pp and the entry in .Pa /etc/ppp/ppp.linkup should contain: .Bd -literal -offset indent ppp-in: add 10.0.1.0/24 HISADDR .Ed .Pp It is necessary to put the .Dq add command in .Pa ppp.linkup to ensure that the route is only added after .Nm has negotiated and assigned addresses to its interface. .Pp You may also want to enable PAP or CHAP for security. To enable PAP, add the following line: .Bd -literal -offset indent enable PAP .Ed .Pp You will also need to create the following entry in .Pa /etc/ppp/ppp.secret : .Bd -literal -offset indent MyAuthName MyAuthPasswd .Ed .Pp If .Ar MyAuthPasswd is a .Dq * , the password is looked up in the .Xr passwd 5 database. .Pp The entry in .Pa /etc/ppp/ppp.conf on awfulhak (the initiator) should contain the following: .Bd -literal -offset indent ui-gate: set escape 0xff set device ui-gate:ppp-in/tcp set dial set timeout 30 set log Phase Chat Connect hdlc LCP IPCP IPV6CP CCP tun set ifaddr 10.0.4.2 10.0.4.1 .Ed .Pp with the route setup in .Pa /etc/ppp/ppp.linkup : .Bd -literal -offset indent ui-gate: add 10.0.2.0/24 HISADDR .Ed .Pp Again, if you are enabling PAP, you will also need this in the .Pa /etc/ppp/ppp.conf profile: .Bd -literal -offset indent set authname MyAuthName set authkey MyAuthKey .Ed .Pp We are assigning the address of 10.0.4.1 to ui-gate, and the address 10.0.4.2 to awfulhak. To open the connection, just type .Pp .Dl awfulhak # ppp -background ui-gate .Pp The result will be an additional "route" on awfulhak to the 10.0.2.0/24 network via the TCP connection, and an additional "route" on ui-gate to the 10.0.1.0/24 network. The networks are effectively bridged - the underlying TCP connection may be across a public network (such as the Internet), and the .Em PPP traffic is conceptually encapsulated (although not packet by packet) inside the TCP stream between the two gateways. .Pp The major disadvantage of this mechanism is that there are two "guaranteed delivery" mechanisms in place - the underlying TCP stream and whatever protocol is used over the .Em PPP link - probably TCP again. If packets are lost, both levels will get in each others way trying to negotiate sending of the missing packet. .Pp To avoid this overhead, it is also possible to do all this using UDP instead of TCP as the transport by simply changing the protocol from "tcp" to "udp". When using UDP as a transport, .Nm will operate in synchronous mode. This is another gain as the incoming data does not have to be rearranged into packets. .Pp Care should be taken when adding a default route through a tunneled setup like this. It is quite common for the default route (added in .Pa /etc/ppp/ppp.linkup ) to end up routing the link's TCP connection through the tunnel, effectively garrotting the connection. To avoid this, make sure you add a static route for the benefit of the link: .Bd -literal -offset indent ui-gate: set escape 0xff set device ui-gate:ppp-in/tcp add ui-gate x.x.x.x ..... .Ed .Pp where .Dq x.x.x.x is the IP number that your route to .Dq ui-gate would normally use. .Pp When routing your connection across a public network such as the Internet, it is preferable to encrypt the data. This can be done with the help of the MPPE protocol, although currently this means that you will not be able to also compress the traffic as MPPE is implemented as a compression layer (thank Microsoft for this). To enable MPPE encryption, add the following lines to .Pa /etc/ppp/ppp.conf on the server: .Bd -literal -offset indent enable MSCHAPv2 disable deflate pred1 deny deflate pred1 .Ed .Pp ensuring that you have put the requisite entry in .Pa /etc/ppp/ppp.secret (MSCHAPv2 is challenge based, so .Xr passwd 5 cannot be used) .Pp MSCHAPv2 and MPPE are accepted by default, so the client end should work without any additional changes (although ensure you have .Dq set authname and .Dq set authkey in your profile). .Sh NETWORK ADDRESS TRANSLATION (PACKET ALIASING) The .Fl nat command line option enables network address translation (a.k.a.\& packet aliasing). This allows the .Nm host to act as a masquerading gateway for other computers over a local area network. Outgoing IP packets are NAT'd so that they appear to come from the .Nm host, and incoming packets are de-NAT'd so that they are routed to the correct machine on the local area network. NAT allows computers on private, unregistered subnets to have Internet access, although they are invisible from the outside world. In general, correct .Nm operation should first be verified with network address translation disabled. Then, the .Fl nat option should be switched on, and network applications (web browser, .Xr telnet 1 , .Xr ftp 1 , .Xr ping 8 , .Xr traceroute 8 ) should be checked on the .Nm host. Finally, the same or similar applications should be checked on other computers in the LAN. If network applications work correctly on the .Nm host, but not on other machines in the LAN, then the masquerading software is working properly, but the host is either not forwarding or possibly receiving IP packets. Check that IP forwarding is enabled in .Pa /etc/rc.conf and that other machines have designated the .Nm host as the gateway for the LAN. .Sh PACKET FILTERING This implementation supports packet filtering. There are four kinds of filters: the .Em in filter, the .Em out filter, the .Em dial filter and the .Em alive filter. Here are the basics: .Bl -bullet .It A filter definition has the following syntax: .Pp set filter .Ar name .Ar rule-no .Ar action .Op !\& .Oo .Op host .Ar src_addr Ns Op / Ns Ar width .Op Ar dst_addr Ns Op / Ns Ar width .Oc .Ar [ proto Op src Ar cmp port .Op dst Ar cmp port .Op estab .Op syn .Op finrst .Op timeout Ar secs ] .Bl -enum .It .Ar Name should be one of .Sq in , .Sq out , .Sq dial or .Sq alive . .It .Ar Rule-no is a numeric value between .Sq 0 and .Sq 39 specifying the rule number. Rules are specified in numeric order according to .Ar rule-no , but only if rule .Sq 0 is defined. .It .Ar Action may be specified as .Sq permit or .Sq deny , in which case, if a given packet matches the rule, the associated action is taken immediately. .Ar Action can also be specified as .Sq clear to clear the action associated with that particular rule, or as a new rule number greater than the current rule. In this case, if a given packet matches the current rule, the packet will next be matched against the new rule number (rather than the next rule number). .Pp The .Ar action may optionally be followed with an exclamation mark .Pq Dq !\& , telling .Nm to reverse the sense of the following match. .It .Op Ar src_addr Ns Op / Ns Ar width and .Op Ar dst_addr Ns Op / Ns Ar width are the source and destination IP number specifications. If .Op / Ns Ar width is specified, it gives the number of relevant netmask bits, allowing the specification of an address range. .Pp Either .Ar src_addr or .Ar dst_addr may be given the values .Dv MYADDR , .Dv HISADDR , .Dv MYADDR6 or .Dv HISADDR6 (refer to the description of the .Dq bg command for a description of these values). When these values are used, the filters will be updated any time the values change. This is similar to the behaviour of the .Dq add command below. .It .Ar Proto may be any protocol from .Xr protocols 5 . .It .Ar Cmp is one of .Sq \< , .Sq \&eq or .Sq \> , meaning less-than, equal and greater-than respectively. .Ar Port can be specified as a numeric port or by service name from .Pa /etc/services . .It The .Sq estab , .Sq syn , and .Sq finrst flags are only allowed when .Ar proto is set to .Sq tcp , and represent the TH_ACK, TH_SYN and TH_FIN or TH_RST TCP flags respectively. .It The timeout value adjusts the current idle timeout to at least .Ar secs seconds. If a timeout is given in the alive filter as well as in the in/out filter, the in/out value is used. If no timeout is given, the default timeout (set using .Ic set timeout and defaulting to 180 seconds) is used. .El .Pp .It Each filter can hold up to 40 rules, starting from rule 0. The entire rule set is not effective until rule 0 is defined, i.e., the default is to allow everything through. .It If no rule in a defined set of rules matches a packet, that packet will be discarded (blocked). If there are no rules in a given filter, the packet will be permitted. .It It is possible to filter based on the payload of UDP frames where those frames contain a .Em PROTO_IP .Em PPP frame header. See the .Ar filter-decapsulation option below for further details. .It Use .Dq set filter Ar name No -1 to flush all rules. .El .Pp See .Pa /usr/share/examples/ppp/ppp.conf.sample . .Sh SETTING THE IDLE TIMER To check/set the idle timer, use the .Dq show bundle and .Dq set timeout commands: .Bd -literal -offset indent ppp ON awfulhak> set timeout 600 .Ed .Pp The timeout period is measured in seconds, the default value for which is 180 seconds (or 3 min). To disable the idle timer function, use the command .Bd -literal -offset indent ppp ON awfulhak> set timeout 0 .Ed .Pp In .Fl ddial and .Fl dedicated modes, the idle timeout is ignored. In .Fl auto mode, when the idle timeout causes the .Em PPP session to be closed, the .Nm program itself remains running. Another trigger packet will cause it to attempt to re-establish the link. .Sh PREDICTOR-1 and DEFLATE COMPRESSION .Nm supports both Predictor type 1 and deflate compression. By default, .Nm will attempt to use (or be willing to accept) both compression protocols when the peer agrees (or requests them). The deflate protocol is preferred by .Nm . Refer to the .Dq disable and .Dq deny commands if you wish to disable this functionality. .Pp It is possible to use a different compression algorithm in each direction by using only one of .Dq disable deflate and .Dq deny deflate (assuming that the peer supports both algorithms). .Pp By default, when negotiating DEFLATE, .Nm will use a window size of 15. Refer to the .Dq set deflate command if you wish to change this behaviour. .Pp A special algorithm called DEFLATE24 is also available, and is disabled and denied by default. This is exactly the same as DEFLATE except that it uses CCP ID 24 to negotiate. This allows .Nm to successfully negotiate DEFLATE with .Nm pppd version 2.3.*. .Sh CONTROLLING IP ADDRESS For IPv4, .Nm uses IPCP to negotiate IP addresses. Each side of the connection specifies the IP address that it is willing to use, and if the requested IP address is acceptable then .Nm returns an ACK to the requester. Otherwise, .Nm returns NAK to suggest that the peer use a different IP address. When both sides of the connection agree to accept the received request (and send an ACK), IPCP is set to the open state and a network level connection is established. To control this IPCP behaviour, this implementation has the .Dq set ifaddr command for defining the local and remote IP address: .Bd -ragged -offset indent .No set ifaddr Oo Ar src_addr Ns .Op / Ns Ar \&nn .Oo Ar dst_addr Ns Op / Ns Ar \&nn .Oo Ar netmask .Op Ar trigger_addr .Oc .Oc .Oc .Ed .Pp where, .Sq src_addr is the IP address that the local side is willing to use, .Sq dst_addr is the IP address which the remote side should use and .Sq netmask is the netmask that should be used. .Sq Src_addr defaults to the current .Xr hostname 1 , .Sq dst_addr defaults to 0.0.0.0, and .Sq netmask defaults to whatever mask is appropriate for .Sq src_addr . It is only possible to make .Sq netmask smaller than the default. The usual value is 255.255.255.255, as most kernels ignore the netmask of a POINTOPOINT interface. .Pp Some incorrect .Em PPP implementations require that the peer negotiates a specific IP address instead of .Sq src_addr . If this is the case, .Sq trigger_addr may be used to specify this IP number. This will not affect the routing table unless the other side agrees with this proposed number. .Bd -literal -offset indent set ifaddr 192.244.177.38 192.244.177.2 255.255.255.255 0.0.0.0 .Ed .Pp The above specification means: .Pp .Bl -bullet -compact .It I will first suggest that my IP address should be 0.0.0.0, but I will only accept an address of 192.244.177.38. .It I strongly insist that the peer uses 192.244.177.2 as his own address and will not permit the use of any IP address but 192.244.177.2. When the peer requests another IP address, I will always suggest that it uses 192.244.177.2. .It The routing table entry will have a netmask of 0xffffffff. .El .Pp This is all fine when each side has a pre-determined IP address, however it is often the case that one side is acting as a server which controls all IP addresses and the other side should go along with it. In order to allow more flexible behaviour, the .Dq set ifaddr command allows the user to specify IP addresses more loosely: .Pp .Dl set ifaddr 192.244.177.38/24 192.244.177.2/20 .Pp A number followed by a slash .Pq Dq / represents the number of bits significant in the IP address. The above example means: .Pp .Bl -bullet -compact .It I would like to use 192.244.177.38 as my address if it is possible, but I will also accept any IP address between 192.244.177.0 and 192.244.177.255. .It I would like to make him use 192.244.177.2 as his own address, but I will also permit him to use any IP address between 192.244.176.0 and 192.244.191.255. .It As you may have already noticed, 192.244.177.2 is equivalent to saying 192.244.177.2/32. .It As an exception, 0 is equivalent to 0.0.0.0/0, meaning that I have no preferred IP address and will obey the remote peers selection. When using zero, no routing table entries will be made until a connection is established. .It 192.244.177.2/0 means that I will accept/permit any IP address but I will suggest that 192.244.177.2 be used first. .El .Pp When negotiating IPv6 addresses, no control is given to the user. IPV6CP negotiation is fully automatic. .Sh CONNECTING WITH YOUR INTERNET SERVICE PROVIDER The following steps should be taken when connecting to your ISP: .Bl -enum .It Describe your providers phone number(s) in the dial script using the .Dq set phone command. This command allows you to set multiple phone numbers for dialing and redialing separated by either a pipe .Pq Dq \&| or a colon .Pq Dq \&: : .Bd -ragged -offset indent .No set phone Ar telno Ns .Oo \&| Ns Ar backupnumber Oc Ns ... Ns Oo : Ns Ar nextnumber Oc Ns ... .Ed .Pp Numbers after the first in a pipe-separated list are only used if the previous number was used in a failed dial or login script. Numbers separated by a colon are used sequentially, irrespective of what happened as a result of using the previous number. For example: .Bd -literal -offset indent set phone "1234567|2345678:3456789|4567890" .Ed .Pp Here, the 1234567 number is attempted. If the dial or login script fails, the 2345678 number is used next time, but *only* if the dial or login script fails. On the dial after this, the 3456789 number is used. The 4567890 number is only used if the dial or login script using the 3456789 fails. If the login script of the 2345678 number fails, the next number is still the 3456789 number. As many pipes and colons can be used as are necessary (although a given site would usually prefer to use either the pipe or the colon, but not both). The next number redial timeout is used between all numbers. When the end of the list is reached, the normal redial period is used before starting at the beginning again. The selected phone number is substituted for the \\\\T string in the .Dq set dial command (see below). .It Set up your redial requirements using .Dq set redial . For example, if you have a bad telephone line or your provider is usually engaged (not so common these days), you may want to specify the following: .Bd -literal -offset indent set redial 10 4 .Ed .Pp This says that up to 4 phone calls should be attempted with a pause of 10 seconds before dialing the first number again. .It Describe your login procedure using the .Dq set dial and .Dq set login commands. The .Dq set dial command is used to talk to your modem and establish a link with your ISP, for example: .Bd -literal -offset indent set dial "ABORT BUSY ABORT NO\\\\sCARRIER TIMEOUT 4 \\"\\" \e ATZ OK-ATZ-OK ATDT\\\\T TIMEOUT 60 CONNECT" .Ed .Pp This modem "chat" string means: .Bl -bullet .It Abort if the string "BUSY" or "NO CARRIER" are received. .It Set the timeout to 4 seconds. .It Expect nothing. .It Send ATZ. .It Expect OK. If that is not received within the 4 second timeout, send ATZ and expect OK. .It Send ATDTxxxxxxx where xxxxxxx is the next number in the phone list from above. .It Set the timeout to 60. .It Wait for the CONNECT string. .El .Pp Once the connection is established, the login script is executed. This script is written in the same style as the dial script, but care should be taken to avoid having your password logged: .Bd -literal -offset indent set authkey MySecret set login "TIMEOUT 15 login:-\\\\r-login: awfulhak \e word: \\\\P ocol: PPP HELLO" .Ed .Pp This login "chat" string means: .Bl -bullet .It Set the timeout to 15 seconds. .It Expect "login:". If it is not received, send a carriage return and expect "login:" again. .It Send "awfulhak" .It Expect "word:" (the tail end of a "Password:" prompt). .It Send whatever our current .Ar authkey value is set to. .It Expect "ocol:" (the tail end of a "Protocol:" prompt). .It Send "PPP". .It Expect "HELLO". .El .Pp The .Dq set authkey command is logged specially. When .Ar command or .Ar chat logging is enabled, the actual password is not logged; .Sq ******** is logged instead. .Pp Login scripts vary greatly between ISPs. If you are setting one up for the first time, .Em ENABLE CHAT LOGGING so that you can see if your script is behaving as you expect. .It Use .Dq set device and .Dq set speed to specify your serial line and speed, for example: .Bd -literal -offset indent -set device /dev/cuad0 +set device /dev/cuau0 set speed 115200 .Ed .Pp Cuad0 is the first serial port on .Fx . If you are running .Nm on .Ox , cua00 is the first. A speed of 115200 should be specified if you have a modem capable of bit rates of 28800 or more. In general, the serial speed should be about four times the modem speed. .It Use the .Dq set ifaddr command to {define} the IP address. .Bl -bullet .It If you know what IP address your provider uses, then use it as the remote address (dst_addr), otherwise choose something like 10.0.0.2/0 (see below). .It If your provider has assigned a particular IP address to you, then use it as your address (src_addr). .It If your provider assigns your address dynamically, choose a suitably unobtrusive and unspecific IP number as your address. 10.0.0.1/0 would be appropriate. The bit after the / specifies how many bits of the address you consider to be important, so if you wanted to insist on something in the class C network 1.2.3.0, you could specify 1.2.3.1/24. .It If you find that your ISP accepts the first IP number that you suggest, specify third and forth arguments of .Dq 0.0.0.0 . This will force your ISP to assign a number. (The third argument will be ignored as it is less restrictive than the default mask for your .Sq src_addr ) . .El .Pp An example for a connection where you do not know your IP number or your ISPs IP number would be: .Bd -literal -offset indent set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0 .Ed .Pp .It In most cases, your ISP will also be your default router. If this is the case, add the line .Bd -literal -offset indent add default HISADDR .Ed .Pp to .Pa /etc/ppp/ppp.conf (or to .Pa /etc/ppp/ppp.linkup for setups that do not use .Fl auto mode). .Pp This tells .Nm to add a default route to whatever the peer address is (10.0.0.2 in this example). This route is .Sq sticky , meaning that should the value of .Dv HISADDR change, the route will be updated accordingly. .It If your provider requests that you use PAP/CHAP authentication methods, add the next lines to your .Pa /etc/ppp/ppp.conf file: .Bd -literal -offset indent set authname MyName set authkey MyPassword .Ed .Pp Both are accepted by default, so .Nm will provide whatever your ISP requires. .Pp It should be noted that a login script is rarely (if ever) required when PAP or CHAP are in use. .It Ask your ISP to authenticate your nameserver address(es) with the line .Bd -literal -offset indent enable dns .Ed .Pp Do .Em NOT do this if you are running a local DNS unless you also either use .Dq resolv readonly or have .Dq resolv restore in .Pa /etc/ppp/ppp.linkdown , as .Nm will simply circumvent its use by entering some nameserver lines in .Pa /etc/resolv.conf . .El .Pp Please refer to .Pa /usr/share/examples/ppp/ppp.conf.sample and .Pa /usr/share/examples/ppp/ppp.linkup.sample for some real examples. The pmdemand label should be appropriate for most ISPs. .Sh LOGGING FACILITY .Nm is able to generate the following log info either via .Xr syslog 3 or directly to the screen: .Pp .Bl -tag -width XXXXXXXXX -offset XXX -compact .It Li All Enable all logging facilities. This generates a lot of log. The most common use of 'all' is as a basis, where you remove some facilities after enabling 'all' ('debug' and 'timer' are usually best disabled.) .It Li Async Dump async level packet in hex. .It Li CBCP Generate CBCP (CallBack Control Protocol) logs. .It Li CCP Generate a CCP packet trace. .It Li Chat Generate .Sq dial , .Sq login , .Sq logout and .Sq hangup chat script trace logs. .It Li Command Log commands executed either from the command line or any of the configuration files. .It Li Connect Log Chat lines containing the string "CONNECT". .It Li Debug Log debug information. .It Li DNS Log DNS QUERY packets. .It Li Filter Log packets permitted by the dial filter and denied by any filter. .It Li HDLC Dump HDLC packet in hex. .It Li ID0 Log all function calls specifically made as user id 0. .It Li IPCP Generate an IPCP packet trace. .It Li LCP Generate an LCP packet trace. .It Li LQM Generate LQR reports. .It Li Phase Phase transition log output. .It Li Physical Dump physical level packet in hex. .It Li Radius Dump RADIUS information. RADIUS information resulting from the link coming up or down is logged at .Dq Phase level unless .Dq Radius logging is enabled. This log level is most useful for monitoring RADIUS alive information. .It Li Sync Dump sync level packet in hex. .It Li TCP/IP Dump all TCP/IP packets. .It Li Timer Log timer manipulation. .It Li TUN Include the tun device on each log line. .It Li Warning Output to the terminal device. If there is currently no terminal, output is sent to the log file using syslogs .Dv LOG_WARNING . .It Li Error Output to both the terminal device and the log file using syslogs .Dv LOG_ERROR . .It Li Alert Output to the log file using .Dv LOG_ALERT . .El .Pp The .Dq set log command allows you to set the logging output level. Multiple levels can be specified on a single command line. The default is equivalent to .Dq set log Phase . .Pp It is also possible to log directly to the screen. The syntax is the same except that the word .Dq local should immediately follow .Dq set log . The default is .Dq set log local (i.e., only the un-maskable warning, error and alert output). .Pp If The first argument to .Dq set log Op local begins with a .Sq + or a .Sq - character, the current log levels are not cleared, for example: .Bd -literal -offset indent PPP ON awfulhak> set log phase PPP ON awfulhak> show log Log: Phase Warning Error Alert Local: Warning Error Alert PPP ON awfulhak> set log +tcp/ip -warning PPP ON awfulhak> set log local +command PPP ON awfulhak> show log Log: Phase TCP/IP Warning Error Alert Local: Command Warning Error Alert .Ed .Pp Log messages of level Warning, Error and Alert are not controllable using .Dq set log Op local . .Pp The .Ar Warning level is special in that it will not be logged if it can be displayed locally. .Sh SIGNAL HANDLING .Nm deals with the following signals: .Bl -tag -width "USR2" .It INT Receipt of this signal causes the termination of the current connection (if any). This will cause .Nm to exit unless it is in .Fl auto or .Fl ddial mode. .It HUP, TERM & QUIT These signals tell .Nm to exit. .It USR1 This signal, tells .Nm to re-open any existing server socket, dropping all existing diagnostic connections. Sockets that could not previously be opened will be retried. .It USR2 This signal, tells .Nm to close any existing server socket, dropping all existing diagnostic connections. .Dv SIGUSR1 can still be used to re-open the socket. .El .Sh MULTI-LINK PPP If you wish to use more than one physical link to connect to a .Em PPP peer, that peer must also understand the .Em MULTI-LINK PPP protocol. Refer to RFC 1990 for specification details. .Pp The peer is identified using a combination of his .Dq endpoint discriminator and his .Dq authentication id . Either or both of these may be specified. It is recommended that at least one is specified, otherwise there is no way of ensuring that all links are actually connected to the same peer program, and some confusing lock-ups may result. Locally, these identification variables are specified using the .Dq set enddisc and .Dq set authname commands. The .Sq authname (and .Sq authkey ) must be agreed in advance with the peer. .Pp Multi-link capabilities are enabled using the .Dq set mrru command (set maximum reconstructed receive unit). Once multi-link is enabled, .Nm will attempt to negotiate a multi-link connection with the peer. .Pp By default, only one .Sq link is available (called .Sq deflink ) . To create more links, the .Dq clone command is used. This command will clone existing links, where all characteristics are the same except: .Bl -enum .It The new link has its own name as specified on the .Dq clone command line. .It The new link is an .Sq interactive link. Its mode may subsequently be changed using the .Dq set mode command. .It The new link is in a .Sq closed state. .El .Pp A summary of all available links can be seen using the .Dq show links command. .Pp Once a new link has been created, command usage varies. All link specific commands must be prefixed with the .Dq link Ar name command, specifying on which link the command is to be applied. When only a single link is available, .Nm is smart enough not to require the .Dq link Ar name prefix. .Pp Some commands can still be used without specifying a link - resulting in an operation at the .Sq bundle level. For example, once two or more links are available, the command .Dq show ccp will show CCP configuration and statistics at the multi-link level, and .Dq link deflink show ccp will show the same information at the .Dq deflink link level. .Pp Armed with this information, the following configuration might be used: .Bd -literal -offset indent mp: set timeout 0 set log phase chat - set device /dev/cuad0 /dev/cuad1 /dev/cuad2 + set device /dev/cuau0 /dev/cuau1 /dev/cuau2 set phone "123456789" set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\"\\" ATZ \e OK-AT-OK \\\\dATDT\\\\T TIMEOUT 45 CONNECT" set login set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0 set authname ppp set authkey ppppassword set mrru 1500 clone 1,2,3 # Create 3 new links - duplicates of the default link deflink remove # Delete the default link (called ``deflink'') .Ed .Pp Note how all cloning is done at the end of the configuration. Usually, the link will be configured first, then cloned. If you wish all links to be up all the time, you can add the following line to the end of your configuration. .Bd -literal -offset indent link 1,2,3 set mode ddial .Ed .Pp If you want the links to dial on demand, this command could be used: .Bd -literal -offset indent link * set mode auto .Ed .Pp Links may be tied to specific names by removing the .Dq set device line above, and specifying the following after the .Dq clone command: .Bd -literal -offset indent - link 1 set device /dev/cuad0 - link 2 set device /dev/cuad1 - link 3 set device /dev/cuad2 + link 1 set device /dev/cuau0 + link 2 set device /dev/cuau1 + link 3 set device /dev/cuau2 .Ed .Pp Use the .Dq help command to see which commands require context (using the .Dq link command), which have optional context and which should not have any context. .Pp When .Nm has negotiated .Em MULTI-LINK mode with the peer, it creates a local domain socket in the .Pa /var/run directory. This socket is used to pass link information (including the actual link file descriptor) between different .Nm invocations. This facilitates .Nm Ns No 's ability to be run from a .Xr getty 8 or directly from .Pa /etc/gettydefs (using the .Sq pp= capability), without needing to have initial control of the serial line. Once .Nm negotiates multi-link mode, it will pass its open link to any already running process. If there is no already running process, .Nm will act as the master, creating the socket and listening for new connections. .Sh PPP COMMAND LIST This section lists the available commands and their effect. They are usable either from an interactive .Nm session, from a configuration file or from a .Xr pppctl 8 or .Xr telnet 1 session. .Bl -tag -width 2n .It accept|deny|enable|disable Ar option.... These directives tell .Nm how to negotiate the initial connection with the peer. Each .Dq option has a default of either accept or deny and enable or disable. .Dq Accept means that the option will be ACK'd if the peer asks for it. .Dq Deny means that the option will be NAK'd if the peer asks for it. .Dq Enable means that the option will be requested by us. .Dq Disable means that the option will not be requested by us. .Pp .Dq Option may be one of the following: .Bl -tag -width 2n .It acfcomp Default: Enabled and Accepted. ACFComp stands for Address and Control Field Compression. Non LCP packets will usually have an address field of 0xff (the All-Stations address) and a control field of 0x03 (the Unnumbered Information command). If this option is negotiated, these two bytes are simply not sent, thus minimising traffic. .Pp See .Pa rfc1662 for details. .It chap Ns Op \&05 Default: Disabled and Accepted. CHAP stands for Challenge Handshake Authentication Protocol. Only one of CHAP and PAP (below) may be negotiated. With CHAP, the authenticator sends a "challenge" message to its peer. The peer uses a one-way hash function to encrypt the challenge and sends the result back. The authenticator does the same, and compares the results. The advantage of this mechanism is that no passwords are sent across the connection. A challenge is made when the connection is first made. Subsequent challenges may occur. If you want to have your peer authenticate itself, you must .Dq enable chap . in .Pa /etc/ppp/ppp.conf , and have an entry in .Pa /etc/ppp/ppp.secret for the peer. .Pp When using CHAP as the client, you need only specify .Dq AuthName and .Dq AuthKey in .Pa /etc/ppp/ppp.conf . CHAP is accepted by default. Some .Em PPP implementations use "MS-CHAP" rather than MD5 when encrypting the challenge. MS-CHAP is a combination of MD4 and DES. If .Nm was built on a machine with DES libraries available, it will respond to MS-CHAP authentication requests, but will never request them. .It deflate Default: Enabled and Accepted. This option decides if deflate compression will be used by the Compression Control Protocol (CCP). This is the same algorithm as used by the .Xr gzip 1 program. Note: There is a problem negotiating .Ar deflate capabilities with .Nm pppd - a .Em PPP implementation available under many operating systems. .Nm pppd (version 2.3.1) incorrectly attempts to negotiate .Ar deflate compression using type .Em 24 as the CCP configuration type rather than type .Em 26 as specified in .Pa rfc1979 . Type .Ar 24 is actually specified as .Dq PPP Magna-link Variable Resource Compression in .Pa rfc1975 ! .Nm is capable of negotiating with .Nm pppd , but only if .Dq deflate24 is .Ar enable Ns No d and .Ar accept Ns No ed . .It deflate24 Default: Disabled and Denied. This is a variance of the .Ar deflate option, allowing negotiation with the .Nm pppd program. Refer to the .Ar deflate section above for details. It is disabled by default as it violates .Pa rfc1975 . .It dns Default: Disabled and Denied. This option allows DNS negotiation. .Pp If .Dq enable Ns No d, .Nm will request that the peer confirms the entries in .Pa /etc/resolv.conf . If the peer NAKs our request (suggesting new IP numbers), .Pa /etc/resolv.conf is updated and another request is sent to confirm the new entries. .Pp If .Dq accept Ns No ed, .Nm will answer any DNS queries requested by the peer rather than rejecting them. The answer is taken from .Pa /etc/resolv.conf unless the .Dq set dns command is used as an override. .It enddisc Default: Enabled and Accepted. This option allows control over whether we negotiate an endpoint discriminator. We only send our discriminator if .Dq set enddisc is used and .Ar enddisc is enabled. We reject the peers discriminator if .Ar enddisc is denied. .It LANMan|chap80lm Default: Disabled and Accepted. The use of this authentication protocol is discouraged as it partially violates the authentication protocol by implementing two different mechanisms (LANMan & NT) under the guise of a single CHAP type (0x80). .Dq LANMan uses a simple DES encryption mechanism and is the least secure of the CHAP alternatives (although is still more secure than PAP). .Pp Refer to the .Dq MSChap description below for more details. .It lqr Default: Disabled and Accepted. This option decides if Link Quality Requests will be sent or accepted. LQR is a protocol that allows .Nm to determine that the link is down without relying on the modems carrier detect. When LQR is enabled, .Nm sends the .Em QUALPROTO option (see .Dq set lqrperiod below) as part of the LCP request. If the peer agrees, both sides will exchange LQR packets at the agreed frequency, allowing detailed link quality monitoring by enabling LQM logging. If the peer does not agree, and if the .Dq echo option is enabled, .Nm will send .Em LCP ECHO requests instead. These packets pass no information of interest, but they .Em MUST be replied to by the peer. .Pp Whether using .Em LQR or .Em LCP ECHO , .Nm will abruptly drop the connection if 5 unacknowledged packets have been sent rather than sending a 6th. A message is logged at the .Em PHASE level, and any appropriate .Dq reconnect values are honoured as if the peer were responsible for dropping the connection. .Pp Refer to the .Dq enable echo command description for differences in behaviour prior to .Nm version 3.4.2. .It mppe Default: Enabled and Accepted. This is Microsoft Point to Point Encryption scheme. MPPE key size can be 40-, 56- and 128-bits. Refer to .Dq set mppe command. .It MSChapV2|chap81 Default: Disabled and Accepted. It is very similar to standard CHAP (type 0x05) except that it issues challenges of a fixed 16 bytes in length and uses a combination of MD4, SHA-1 and DES to encrypt the challenge rather than using the standard MD5 mechanism. .It MSChap|chap80nt Default: Disabled and Accepted. The use of this authentication protocol is discouraged as it partially violates the authentication protocol by implementing two different mechanisms (LANMan & NT) under the guise of a single CHAP type (0x80). It is very similar to standard CHAP (type 0x05) except that it issues challenges of a fixed 8 bytes in length and uses a combination of MD4 and DES to encrypt the challenge rather than using the standard MD5 mechanism. CHAP type 0x80 for LANMan is also supported - see .Dq enable LANMan for details. .Pp Because both .Dq LANMan and .Dq NT use CHAP type 0x80, when acting as authenticator with both .Dq enable Ns No d , .Nm will rechallenge the peer up to three times if it responds using the wrong one of the two protocols. This gives the peer a chance to attempt using both protocols. .Pp Conversely, when .Nm acts as the authenticatee with both protocols .Dq accept Ns No ed , the protocols are used alternately in response to challenges. .Pp Note: If only LANMan is enabled, .Nm pppd (version 2.3.5) misbehaves when acting as authenticatee. It provides both the NT and the LANMan answers, but also suggests that only the NT answer should be used. .It pap Default: Disabled and Accepted. PAP stands for Password Authentication Protocol. Only one of PAP and CHAP (above) may be negotiated. With PAP, the ID and Password are sent repeatedly to the peer until authentication is acknowledged or the connection is terminated. This is a rather poor security mechanism. It is only performed when the connection is first established. If you want to have your peer authenticate itself, you must .Dq enable pap . in .Pa /etc/ppp/ppp.conf , and have an entry in .Pa /etc/ppp/ppp.secret for the peer (although see the .Dq passwdauth and .Dq set radius options below). .Pp When using PAP as the client, you need only specify .Dq AuthName and .Dq AuthKey in .Pa /etc/ppp/ppp.conf . PAP is accepted by default. .It pred1 Default: Enabled and Accepted. This option decides if Predictor 1 compression will be used by the Compression Control Protocol (CCP). .It protocomp Default: Enabled and Accepted. This option is used to negotiate PFC (Protocol Field Compression), a mechanism where the protocol field number is reduced to one octet rather than two. .It shortseq Default: Enabled and Accepted. This option determines if .Nm will request and accept requests for short (12 bit) sequence numbers when negotiating multi-link mode. This is only applicable if our MRRU is set (thus enabling multi-link). .It vjcomp Default: Enabled and Accepted. This option determines if Van Jacobson header compression will be used. .El .Pp The following options are not actually negotiated with the peer. Therefore, accepting or denying them makes no sense. .Bl -tag -width 2n .It echo Default: Disabled. When this option is enabled, .Nm will send .Em LCP ECHO requests to the peer at the frequency defined by .Dq echoperiod . Note, .Em LQR requests will supersede .Em LCP ECHO requests if enabled and negotiated. See .Dq set lqrperiod below for details. .Pp Prior to .Nm version 3.4.2, .Dq echo was considered enabled if lqr was enabled and negotiated, otherwise it was considered disabled. For the same behaviour, it is now necessary to .Dq enable lqr echo rather than just .Dq enable lqr . .It filter-decapsulation Default: Disabled. When this option is enabled, .Nm will examine UDP frames to see if they actually contain a .Em PPP frame as their payload. If this is the case, all filters will operate on the payload rather than the actual packet. .Pp This is useful if you want to send PPPoUDP traffic over a .Em PPP link, but want that link to do smart things with the real data rather than the UDP wrapper. .Pp The UDP frame payload must not be compressed in any way, otherwise .Nm will not be able to interpret it. It is therefore recommended that you .Ic disable vj pred1 deflate and .Ic deny vj pred1 deflate in the configuration for the .Nm invocation with the udp link. .It force-scripts Default: Disabled. Forces execution of the configured chat scripts in .Dv direct and .Dv dedicated modes. .It idcheck Default: Enabled. When .Nm exchanges low-level LCP, CCP and IPCP configuration traffic, the .Em Identifier field of any replies is expected to be the same as that of the request. By default, .Nm drops any reply packets that do not contain the expected identifier field, reporting the fact at the respective log level. If .Ar idcheck is disabled, .Nm will ignore the identifier field. .It iface-alias Default: Enabled if .Fl nat is specified. This option simply tells .Nm to add new interface addresses to the interface rather than replacing them. The option can only be enabled if network address translation is enabled .Pq Dq nat enable yes . .Pp With this option enabled, .Nm will pass traffic for old interface addresses through the NAT ifdef({LOCALNAT},{engine,},{engine (see .Xr libalias 3 ) ,}) resulting in the ability (in .Fl auto mode) to properly connect the process that caused the PPP link to come up in the first place. .Pp Disabling NAT with .Dq nat enable no will also disable .Sq iface-alias . .It ipcp Default: Enabled. This option allows .Nm to attempt to negotiate IP control protocol capabilities and if successful to exchange IP datagrams with the peer. .It ipv6cp Default: Enabled. This option allows .Nm to attempt to negotiate IPv6 control protocol capabilities and if successful to exchange IPv6 datagrams with the peer. .It keep-session Default: Disabled. When .Nm runs as a Multi-link server, a different .Nm instance initially receives each connection. After determining that the link belongs to an already existing bundle (controlled by another .Nm invocation), .Nm will transfer the link to that process. .Pp If the link is a tty device or if this option is enabled, .Nm will not exit, but will change its process name to .Dq session owner and wait for the controlling .Nm to finish with the link and deliver a signal back to the idle process. This prevents the confusion that results from .Nm Ns No 's parent considering the link resource available again. .Pp For tty devices that have entries in .Pa /etc/ttys , this is necessary to prevent another .Xr getty 8 from being started, and for program links such as .Xr sshd 8 , it prevents .Xr sshd 8 from exiting due to the death of its child. As .Nm cannot determine its parents requirements (except for the tty case), this option must be enabled manually depending on the circumstances. .It loopback Default: Enabled. When .Ar loopback is enabled, .Nm will automatically loop back packets being sent out with a destination address equal to that of the .Em PPP interface. If disabled, .Nm will send the packet, probably resulting in an ICMP redirect from the other end. It is convenient to have this option enabled when the interface is also the default route as it avoids the necessity of a loopback route. .It NAS-IP-Address Default: Enabled. This option controls whether .Nm sends the .Dq NAS-IP-Address attribute to the RADIUS server when RADIUS is in use .Pq see Dq set radius . .Pp Note, at least one of .Dq NAS-IP-Address and .Dq NAS-Identifier must be enabled. .Pp Versions of .Nm prior to version 3.4.1 did not send the .Dq NAS-IP-Address attribute as it was reported to break the Radiator RADIUS server. As the latest rfc (2865) no longer hints that only one of .Dq NAS-IP-Address and .Dq NAS-Identifier should be sent (as rfc 2138 did), .Nm now sends both and leaves it up to the administrator that chooses to use bad RADIUS implementations to .Dq disable NAS-IP-Address . .It NAS-Identifier Default: Enabled. This option controls whether .Nm sends the .Dq NAS-Identifier attribute to the RADIUS server when RADIUS is in use .Pq see Dq set radius . .Pp Note, at least one of .Dq NAS-IP-Address and .Dq NAS-Identifier must be enabled. .It passwdauth Default: Disabled. Enabling this option will tell the PAP authentication code to use the password database (see .Xr passwd 5 ) to authenticate the caller if they cannot be found in the .Pa /etc/ppp/ppp.secret file. .Pa /etc/ppp/ppp.secret is always checked first. If you wish to use passwords from .Xr passwd 5 , but also to specify an IP number or label for a given client, use .Dq \&* as the client password in .Pa /etc/ppp/ppp.secret . .It proxy Default: Disabled. Enabling this option will tell .Nm to proxy ARP for the peer. This means that .Nm will make an entry in the ARP table using .Dv HISADDR and the .Dv MAC address of the local network in which .Dv HISADDR appears. This allows other machines connecteed to the LAN to talk to the peer as if the peer itself was connected to the LAN. The proxy entry cannot be made unless .Dv HISADDR is an address from a LAN. .It proxyall Default: Disabled. Enabling this will tell .Nm to add proxy arp entries for every IP address in all class C or smaller subnets routed via the tun interface. .Pp Proxy arp entries are only made for sticky routes that are added using the .Dq add command. No proxy arp entries are made for the interface address itself (as created by the .Dq set ifaddr command). .It sroutes Default: Enabled. When the .Dq add command is used with the .Dv HISADDR , .Dv MYADDR , .Dv HISADDR6 or .Dv MYADDR6 values, entries are stored in the .Sq sticky route list. Each time these variables change, this list is re-applied to the routing table. .Pp Disabling this option will prevent the re-application of sticky routes, although the .Sq stick route list will still be maintained. .It Oo tcp Oc Ns No mssfixup Default: Enabled. This option tells .Nm to adjust TCP SYN packets so that the maximum receive segment size is not greater than the amount allowed by the interface MTU. .It throughput Default: Enabled. This option tells .Nm to gather throughput statistics. Input and output is sampled over a rolling 5 second window, and current, best and total figures are retained. This data is output when the relevant .Em PPP layer shuts down, and is also available using the .Dq show command. Throughput statistics are available at the .Dq IPCP and .Dq physical levels. .It utmp Default: Enabled. Normally, when a user is authenticated using PAP or CHAP, and when .Nm is running in .Fl direct mode, an entry is made in the utmp and wtmp files for that user. Disabling this option will tell .Nm not to make any utmp or wtmp entries. This is usually only necessary if you require the user to both login and authenticate themselves. .El .Pp .It add Ns Xo .Op !\& .Ar dest Ns Op / Ns Ar nn .Op Ar mask .Op Ar gateway .Xc .Ar Dest is the destination IP address. The netmask is specified either as a number of bits with .Ar /nn or as an IP number using .Ar mask . .Ar 0 0 or simply .Ar 0 with no mask refers to the default route. It is also possible to use the literal name .Sq default instead of .Ar 0 . .Ar Gateway is the next hop gateway to get to the given .Ar dest machine/network. Refer to the .Xr route 8 command for further details. .Pp It is possible to use the symbolic names .Sq MYADDR , .Sq HISADDR , .Sq MYADDR6 or .Sq HISADDR6 as the destination, and .Sq HISADDR or .Sq HISADDR6 as the .Ar gateway . .Sq MYADDR is replaced with the interface IP address, .Sq HISADDR is replaced with the interface IP destination (peer) address, .Sq MYADDR6 is replaced with the interface IPv6 address, and .Sq HISADDR6 is replaced with the interface IPv6 destination address, .Pp If the .Ar add!\& command is used (note the trailing .Dq !\& ) , then if the route already exists, it will be updated as with the .Sq route change command (see .Xr route 8 for further details). .Pp Routes that contain the .Dq HISADDR , .Dq MYADDR , .Dq HISADDR6 , .Dq MYADDR6 , .Dq DNS0 , or .Dq DNS1 constants are considered .Sq sticky . They are stored in a list (use .Dq show ncp to see the list), and each time the value of one of these variables changes, the appropriate routing table entries are updated. This facility may be disabled using .Dq disable sroutes . .It allow Ar command Op Ar args This command controls access to .Nm and its configuration files. It is possible to allow user-level access, depending on the configuration file label and on the mode that .Nm is being run in. For example, you may wish to configure .Nm so that only user .Sq fred may access label .Sq fredlabel in .Fl background mode. .Pp User id 0 is immune to these commands. .Bl -tag -width 2n .It allow user Ns Xo .Op s .Ar logname Ns No ... .Xc By default, only user id 0 is allowed access to .Nm . If this command is used, all of the listed users are allowed access to the section in which the .Dq allow users command is found. The .Sq default section is always checked first (even though it is only ever automatically loaded at startup). .Dq allow users commands are cumulative in a given section, but users allowed in any given section override users allowed in the default section, so it is possible to allow users access to everything except a given label by specifying default users in the .Sq default section, and then specifying a new user list for that label. .Pp If user .Sq * is specified, access is allowed to all users. .It allow mode Ns Xo .Op s .Ar mode Ns No ... .Xc By default, access using any .Nm mode is possible. If this command is used, it restricts the access .Ar modes allowed to load the label under which this command is specified. Again, as with the .Dq allow users command, each .Dq allow modes command overrides any previous settings, and the .Sq default section is always checked first. .Pp Possible modes are: .Sq interactive , .Sq auto , .Sq direct , .Sq dedicated , .Sq ddial , .Sq background and .Sq * . .Pp When running in multi-link mode, a section can be loaded if it allows .Em any of the currently existing line modes. .El .Pp .It nat Ar command Op Ar args This command allows the control of the network address translation (also known as masquerading or IP aliasing) facilities that are built into .Nm . NAT is done on the external interface only, and is unlikely to make sense if used with the .Fl direct flag. .Pp If nat is enabled on your system (it may be omitted at compile time), the following commands are possible: .Bl -tag -width 2n .It nat enable yes|no This command either switches network address translation on or turns it off. The .Fl nat command line flag is synonymous with .Dq nat enable yes . .It nat addr Op Ar addr_local addr_alias This command allows data for .Ar addr_alias to be redirected to .Ar addr_local . It is useful if you own a small number of real IP numbers that you wish to map to specific machines behind your gateway. .It nat deny_incoming yes|no If set to yes, this command will refuse all incoming packets where an aliasing link does not already exist. ifdef({LOCALNAT},{},{Refer to the .Sx CONCEPTUAL BACKGROUND section of .Xr libalias 3 for a description of what an .Dq aliasing link is. })dnl .Pp It should be noted under what circumstances an aliasing link is ifdef({LOCALNAT},{created.},{created by .Xr libalias 3 .}) It may be necessary to further protect your network from outside connections using the .Dq set filter or .Dq nat target commands. .It nat help|? This command gives a summary of available nat commands. .It nat log yes|no This option causes various NAT statistics and information to be logged to the file .Pa /var/log/alias.log . .It nat port Ar proto Ar targetIP Ns Xo .No : Ns Ar targetPort Ns .Oo .No - Ns Ar targetPort .Oc Ar aliasPort Ns .Oo .No - Ns Ar aliasPort .Oc Oo Ar remoteIP : Ns .Ar remotePort Ns .Oo .No - Ns Ar remotePort .Oc .Oc .Xc This command causes incoming .Ar proto connections to .Ar aliasPort to be redirected to .Ar targetPort on .Ar targetIP . .Ar proto is either .Dq tcp or .Dq udp . .Pp A range of port numbers may be specified as shown above. The ranges must be of the same size. .Pp If .Ar remoteIP is specified, only data coming from that IP number is redirected. .Ar remotePort must either be .Dq 0 (indicating any source port) or a range of ports the same size as the other ranges. .Pp This option is useful if you wish to run things like Internet phone on machines behind your gateway, but is limited in that connections to only one interior machine per source machine and target port are possible. .It nat proto Ar proto localIP Oo .Ar publicIP Op Ar remoteIP .Oc This command tells .Nm to redirect packets of protocol type .Ar proto (see .Xr protocols 5 ) to the internal address .Ar localIP . .Pp If .Ar publicIP is specified, only packets destined for that address are matched, otherwise the default alias address is used. .Pp If .Ar remoteIP is specified, only packets matching that source address are matched, .Pp This command is useful for redirecting tunnel endpoints to an internal machine, for example: .Pp .Dl nat proto ipencap 10.0.0.1 .It "nat proxy cmd" Ar arg Ns No ... This command tells .Nm to proxy certain connections, redirecting them to a given server. ifdef({LOCALNAT},{},{Refer to the description of .Fn PacketAliasProxyRule in .Xr libalias 3 for details of the available commands. })dnl .It nat punch_fw Op Ar base count This command tells .Nm to punch holes in the firewall for FTP or IRC DCC connections. This is done dynamically by installing termporary firewall rules which allow a particular connection (and only that connection) to go through the firewall. The rules are removed once the corresponding connection terminates. .Pp A maximum of .Ar count rules starting from rule number .Ar base will be used for punching firewall holes. The range will be cleared when the .Dq nat punch_fw command is run. .Pp If no arguments are given, firewall punching is disabled. .It nat skinny_port Op Ar port This command tells .Nm which TCP port is used by the Skinny Station protocol. Skinny is used by Cisco IP phones to communicate with Cisco Call Managers to setup voice over IP calls. The typical port used by Skinny is 2000. .Pp If no argument is given, skinny aliasing is disabled. .It nat same_ports yes|no When enabled, this command will tell the network address translation engine to attempt to avoid changing the port number on outgoing packets. This is useful if you want to support protocols such as RPC and LPD which require connections to come from a well known port. .It nat target Op Ar address Set the given target address or clear it if no address is given. The target address is used ifdef({LOCALNAT},{},{by libalias })dnl to specify how to NAT incoming packets by default. If a target address is not set or if .Dq default is given, packets are not altered and are allowed to route to the internal network. .Pp The target address may be set to .Dq MYADDR , in which case ifdef({LOCALNAT},{all packets will be redirected}, {libalias will redirect all packets}) to the interface address. .It nat use_sockets yes|no When enabled, this option tells the network address translation engine to create a socket so that it can guarantee a correct incoming ftp data or IRC connection. .It nat unregistered_only yes|no Only alter outgoing packets with an unregistered source address. According to RFC 1918, unregistered source addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. .El .Pp These commands are also discussed in the file .Pa README.nat which comes with the source distribution. .Pp .It Oo !\& Oc Ns Xo .No bg Ar command .Xc The given .Ar command is executed in the background with the following words replaced: .Bl -tag -width COMPILATIONDATE .It Li AUTHNAME This is replaced with the local .Ar authname value. See the .Dq set authname command below. .It Li COMPILATIONDATE In previous software revisions, this was replaced with the date on which .Nm was compiled. This is no longer supported as it breaks the ability to recompile the same code to produce an exact duplicate of a previous compilation. .It Li DNS0 & DNS1 These are replaced with the primary and secondary nameserver IP numbers. If nameservers are negotiated by IPCP, the values of these macros will change. .It Li ENDDISC This is replaced with the local endpoint discriminator value. See the .Dq set enddisc command below. .It Li HISADDR This is replaced with the peers IP number. .It Li HISADDR6 This is replaced with the peers IPv6 number. .It Li INTERFACE This is replaced with the name of the interface that is in use. .It Li IPOCTETSIN This is replaced with the number of IP bytes received since the connection was established. .It Li IPOCTETSOUT This is replaced with the number of IP bytes sent since the connection was established. .It Li IPPACKETSIN This is replaced with the number of IP packets received since the connection was established. .It Li IPPACKETSOUT This is replaced with the number of IP packets sent since the connection was established. .It Li IPV6OCTETSIN This is replaced with the number of IPv6 bytes received since the connection was established. .It Li IPV6OCTETSOUT This is replaced with the number of IPv6 bytes sent since the connection was established. .It Li IPV6PACKETSIN This is replaced with the number of IPv6 packets received since the connection was established. .It Li IPV6PACKETSOUT This is replaced with the number of IPv6 packets sent since the connection was established. .It Li LABEL This is replaced with the last label name used. A label may be specified on the .Nm command line, via the .Dq load or .Dq dial commands and in the .Pa ppp.secret file. .It Li MYADDR This is replaced with the IP number assigned to the local interface. .It Li MYADDR6 This is replaced with the IPv6 number assigned to the local interface. .It Li OCTETSIN This is replaced with the number of bytes received since the connection was established. .It Li OCTETSOUT This is replaced with the number of bytes sent since the connection was established. .It Li PACKETSIN This is replaced with the number of packets received since the connection was established. .It Li PACKETSOUT This is replaced with the number of packets sent since the connection was established. .It Li PEER_ENDDISC This is replaced with the value of the peers endpoint discriminator. .It Li PROCESSID This is replaced with the current process id. .It Li SOCKNAME This is replaced with the name of the diagnostic socket. .It Li UPTIME This is replaced with the bundle uptime in HH:MM:SS format. .It Li USER This is replaced with the username that has been authenticated with PAP or CHAP. Normally, this variable is assigned only in -direct mode. This value is available irrespective of whether utmp logging is enabled. .It Li VERSION This is replaced with the current version number of .Nm . .El .Pp These substitutions are also done by the .Dq set proctitle , .Dq ident and .Dq log commands. .Pp If you wish to pause .Nm while the command executes, use the .Dq shell command instead. .It clear physical|ipcp|ipv6 Op current|overall|peak... Clear the specified throughput values at either the .Dq physical , .Dq ipcp or .Dq ipv6cp level. If .Dq physical is specified, context must be given (see the .Dq link command below). If no second argument is given, all values are cleared. .It clone Ar name Ns Xo .Op \&, Ns Ar name Ns .No ... .Xc Clone the specified link, creating one or more new links according to the .Ar name argument(s). This command must be used from the .Dq link command below unless you have only got a single link (in which case that link becomes the default). Links may be removed using the .Dq remove command below. .Pp The default link name is .Dq deflink . .It close Op lcp|ccp Ns Op !\& If no arguments are given, the relevant protocol layers will be brought down and the link will be closed. If .Dq lcp is specified, the LCP layer is brought down, but .Nm will not bring the link offline. It is subsequently possible to use .Dq term (see below) to talk to the peer machine if, for example, something like .Dq slirp is being used. If .Dq ccp is specified, only the relevant compression layer is closed. If the .Dq !\& is used, the compression layer will remain in the closed state, otherwise it will re-enter the STOPPED state, waiting for the peer to initiate further CCP negotiation. In any event, this command does not disconnect the user from .Nm or exit .Nm . See the .Dq quit command below. .It delete Ns Xo .Op !\& .Ar dest .Xc This command deletes the route with the given .Ar dest IP address. If .Ar dest is specified as .Sq ALL , all non-direct entries in the routing table for the current interface, and all .Sq sticky route entries are deleted. If .Ar dest is specified as .Sq default , the default route is deleted. .Pp If the .Ar delete!\& command is used (note the trailing .Dq !\& ) , .Nm will not complain if the route does not already exist. .It dial|call Oo Ar label Oc Ns Xo .No ... .Xc This command is the equivalent of .Dq load label followed by .Dq open , and is provided for backwards compatibility. .It down Op Ar lcp|ccp Bring the relevant layer down ungracefully, as if the underlying layer had become unavailable. It is not considered polite to use this command on a Finite State Machine that is in the OPEN state. If no arguments are supplied, the entire link is closed (or if no context is given, all links are terminated). If .Sq lcp is specified, the .Em LCP layer is terminated but the device is not brought offline and the link is not closed. If .Sq ccp is specified, only the relevant compression layer(s) are terminated. .It help|? Op Ar command Show a list of available commands. If .Ar command is specified, show the usage string for that command. .It ident Op Ar text Ns No ... Identify the link to the peer using .Ar text . If .Ar text is empty, link identification is disabled. It is possible to use any of the words described for the .Ic bg command above. Refer to the .Ic sendident command for details of when .Nm identifies itself to the peer. .It iface Ar command Op args This command is used to control the interface used by .Nm . .Ar Command may be one of the following: .Bl -tag -width 2n .It iface add Ns Xo .Op !\& .Ar addr Ns Op / Ns Ar bits .Op Ar peer .Xc .It iface add Ns Xo .Op !\& .Ar addr .Ar mask .Ar peer .Xc Add the given .Ar addr mask peer combination to the interface. Instead of specifying .Ar mask , .Ar /bits can be used (with no space between it and .Ar addr ) . If the given address already exists, the command fails unless the .Dq !\& is used - in which case the previous interface address entry is overwritten with the new one, allowing a change of netmask or peer address. .Pp If only .Ar addr is specified, .Ar bits defaults to .Dq 32 and .Ar peer defaults to .Dq 255.255.255.255 . This address (the broadcast address) is the only duplicate peer address that .Nm allows. .It iface clear Op INET | INET6 If this command is used while .Nm is in the OPENED state or while in .Fl auto mode, all addresses except for the NCP negotiated address are deleted from the interface. If .Nm is not in the OPENED state and is not in .Fl auto mode, all interface addresses are deleted. .Pp If the INET or INET6 arguments are used, only addresses for that address family are cleared. .Pp .It iface delete Ns Xo .Op !\& Ns .No |rm Ns Op !\& .Ar addr .Xc This command deletes the given .Ar addr from the interface. If the .Dq !\& is used, no error is given if the address is not currently assigned to the interface (and no deletion takes place). .It iface name Ar name Renames the interface to .Ar name . .It iface description Ar description Sets the interface description to .Ar description . Useful if you have many interfaces on your system. .It iface show Shows the current state and current addresses for the interface. It is much the same as running .Dq ifconfig INTERFACE . .It iface help Op Ar sub-command This command, when invoked without .Ar sub-command , will show a list of possible .Dq iface sub-commands and a brief synopsis for each. When invoked with .Ar sub-command , only the synopsis for the given sub-command is shown. .El .It Oo data Oc Ns Xo .No link .Ar name Ns Oo , Ns Ar name Oc Ns ... Ar command Op Ar args .Xc This command may prefix any other command if the user wishes to specify which link the command should affect. This is only applicable after multiple links have been created in Multi-link mode using the .Dq clone command. .Pp .Ar Name specifies the name of an existing link. If .Ar name is a comma separated list, .Ar command is executed on each link. If .Ar name is .Dq * , .Ar command is executed on all links. .It load Oo Ar label Oc Ns Xo .No ... .Xc Load the given .Ar label Ns No (s) from the .Pa ppp.conf file. If .Ar label is not given, the .Ar default label is used. .Pp Unless the .Ar label section uses the .Dq set mode , .Dq open or .Dq dial commands, .Nm will not attempt to make an immediate connection. .It log Ar word Ns No ... Send the given word(s) to the log file with the prefix .Dq LOG: . Word substitutions are done as explained under the .Dq !bg command above. .It open Op lcp|ccp|ipcp This is the opposite of the .Dq close command. All closed links are immediately brought up apart from second and subsequent .Ar demand-dial links - these will come up based on the .Dq set autoload command that has been used. .Pp If the .Dq lcp argument is used while the LCP layer is already open, LCP will be renegotiated. This allows various LCP options to be changed, after which .Dq open lcp can be used to put them into effect. After renegotiating LCP, any agreed authentication will also take place. .Pp If the .Dq ccp argument is used, the relevant compression layer is opened. Again, if it is already open, it will be renegotiated. .Pp If the .Dq ipcp argument is used, the link will be brought up as normal, but if IPCP is already open, it will be renegotiated and the network interface will be reconfigured. .Pp It is probably not good practice to re-open the PPP state machines like this as it is possible that the peer will not behave correctly. It .Em is however useful as a way of forcing the CCP or VJ dictionaries to be reset. .It passwd Ar pass Specify the password required for access to the full .Nm command set. This password is required when connecting to the diagnostic port (see the .Dq set server command). .Ar Pass is specified on the .Dq set server command line. The value of .Ar pass is not logged when .Ar command logging is active, instead, the literal string .Sq ******** is logged. .It quit|bye Op all If .Dq quit is executed from the controlling connection or from a command file, ppp will exit after closing all connections. Otherwise, if the user is connected to a diagnostic socket, the connection is simply dropped. .Pp If the .Ar all argument is given, .Nm will exit despite the source of the command after closing all existing connections. .It remove|rm This command removes the given link. It is only really useful in multi-link mode. A link must be in the .Dv CLOSED state before it is removed. .It rename|mv Ar name This command renames the given link to .Ar name . It will fail if .Ar name is already used by another link. .Pp The default link name is .Sq deflink . Renaming it to .Sq modem , -.Sq cuad0 +.Sq cuau0 or .Sq USR may make the log file more readable. .It resolv Ar command This command controls .Nm Ns No 's manipulation of the .Xr resolv.conf 5 file. When .Nm starts up, it loads the contents of this file into memory and retains this image for future use. .Ar command is one of the following: .Bl -tag -width readonly .It Em readonly Treat .Pa /etc/resolv.conf as read only. If .Dq dns is enabled, .Nm will still attempt to negotiate nameservers with the peer, making the results available via the .Dv DNS0 and .Dv DNS1 macros. This is the opposite of the .Dq resolv writable command. .It Em reload Reload .Pa /etc/resolv.conf into memory. This may be necessary if for example a DHCP client overwrote .Pa /etc/resolv.conf . .It Em restore Replace .Pa /etc/resolv.conf with the version originally read at startup or with the last .Dq resolv reload command. This is sometimes a useful command to put in the .Pa /etc/ppp/ppp.linkdown file. .It Em rewrite Rewrite the .Pa /etc/resolv.conf file. This command will work even if the .Dq resolv readonly command has been used. It may be useful as a command in the .Pa /etc/ppp/ppp.linkup file if you wish to defer updating .Pa /etc/resolv.conf until after other commands have finished. .It Em writable Allow .Nm to update .Pa /etc/resolv.conf if .Dq dns is enabled and .Nm successfully negotiates a DNS. This is the opposite of the .Dq resolv readonly command. .El .It save This option is not (yet) implemented. .It sendident This command tells .Nm to identify itself to the peer. The link must be in LCP state or higher. If no identity has been set (via the .Ic ident command), .Ic sendident will fail. .Pp When an identity has been set, .Nm will automatically identify itself when it sends or receives a configure reject, when negotiation fails or when LCP reaches the opened state. .Pp Received identification packets are logged to the LCP log (see .Ic set log for details) and are never responded to. .It set Ns Xo .Op up .Ar var value .Xc This option allows the setting of any of the following variables: .Bl -tag -width 2n .It set accmap Ar hex-value ACCMap stands for Asynchronous Control Character Map. This is always negotiated with the peer, and defaults to a value of 00000000 in hex. This protocol is required to defeat hardware that depends on passing certain characters from end to end (such as XON/XOFF etc). .Pp For the XON/XOFF scenario, use .Dq set accmap 000a0000 . .It set Oo auth Oc Ns Xo .No key Ar value .Xc This sets the authentication key (or password) used in client mode PAP or CHAP negotiation to the given value. It also specifies the password to be used in the dial or login scripts in place of the .Sq \eP sequence, preventing the actual password from being logged. If .Ar command or .Ar chat logging is in effect, .Ar value is logged as .Sq ******** for security reasons. .Pp If the first character of .Ar value is an exclamation mark .Pq Dq !\& , .Nm treats the remainder of the string as a program that must be executed to determine the .Dq authname and .Dq authkey values. .Pp If the .Dq !\& is doubled up (to .Dq !! ) , it is treated as a single literal .Dq !\& , otherwise, ignoring the .Dq !\& , .Ar value is parsed as a program to execute in the same was as the .Dq !bg command above, substituting special names in the same manner. Once executed, .Nm will feed the program three lines of input, each terminated by a newline character: .Bl -bullet .It The host name as sent in the CHAP challenge. .It The challenge string as sent in the CHAP challenge. .It The locally defined .Dq authname . .El .Pp Two lines of output are expected: .Bl -bullet .It The .Dq authname to be sent with the CHAP response. .It The .Dq authkey , which is encrypted with the challenge and request id, the answer being sent in the CHAP response packet. .El .Pp When configuring .Nm in this manner, it is expected that the host challenge is a series of ASCII digits or characters. An encryption device or Secure ID card is usually required to calculate the secret appropriate for the given challenge. .It set authname Ar id This sets the authentication id used in client mode PAP or CHAP negotiation. .Pp If used in .Fl direct mode with CHAP enabled, .Ar id is used in the initial authentication challenge and should normally be set to the local machine name. .It set autoload Xo .Ar min-percent max-percent period .Xc These settings apply only in multi-link mode and default to zero, zero and five respectively. When more than one .Ar demand-dial (also known as .Fl auto ) mode link is available, only the first link is made active when .Nm first reads data from the tun device. The next .Ar demand-dial link will be opened only when the current bundle throughput is at least .Ar max-percent percent of the total bundle bandwidth for .Ar period seconds. When the current bundle throughput decreases to .Ar min-percent percent or less of the total bundle bandwidth for .Ar period seconds, a .Ar demand-dial link will be brought down as long as it is not the last active link. .Pp Bundle throughput is measured as the maximum of inbound and outbound traffic. .Pp The default values cause .Ar demand-dial links to simply come up one at a time. .Pp Certain devices cannot determine their physical bandwidth, so it is sometimes necessary to use the .Dq set bandwidth command (described below) to make .Dq set autoload work correctly. .It set bandwidth Ar value This command sets the connection bandwidth in bits per second. .Ar value must be greater than zero. It is currently only used by the .Dq set autoload command above. .It set callback Ar option Ns No ... If no arguments are given, callback is disabled, otherwise, .Nm will request (or in .Fl direct mode, will accept) one of the given .Ar option Ns No s . In client mode, if an .Ar option is NAK'd .Nm will request a different .Ar option , until no options remain at which point .Nm will terminate negotiations (unless .Dq none is one of the specified .Ar option ) . In server mode, .Nm will accept any of the given protocols - but the client .Em must request one of them. If you wish callback to be optional, you must {include} .Ar none as an option. .Pp The .Ar option Ns No s are as follows (in this order of preference): .Bl -tag -width Ds .It auth The callee is expected to decide the callback number based on authentication. If .Nm is the callee, the number should be specified as the fifth field of the peers entry in .Pa /etc/ppp/ppp.secret . .It cbcp Microsoft's callback control protocol is used. See .Dq set cbcp below. .Pp If you wish to negotiate .Ar cbcp in client mode but also wish to allow the server to request no callback at CBCP negotiation time, you must specify both .Ar cbcp and .Ar none as callback options. .It E.164 *| Ns Xo .Ar number Ns Op , Ns Ar number Ns .No ... .Xc The caller specifies the .Ar number . If .Nm is the callee, .Ar number should be either a comma separated list of allowable numbers or a .Dq \&* , meaning any number is permitted. If .Nm is the caller, only a single number should be specified. .Pp Note, this option is very unsafe when used with a .Dq \&* as a malicious caller can tell .Nm to call any (possibly international) number without first authenticating themselves. .It none If the peer does not wish to do callback at all, .Nm will accept the fact and continue without callback rather than terminating the connection. This is required (in addition to one or more other callback options) if you wish callback to be optional. .El .Pp .It set cbcp Oo .No *| Ns Ar number Ns Oo .No , Ns Ar number Ns ...\& Oc .Op Ar delay Op Ar retry .Oc If no arguments are given, CBCP (Microsoft's CallBack Control Protocol) is disabled - ie, configuring CBCP in the .Dq set callback command will result in .Nm requesting no callback in the CBCP phase. Otherwise, .Nm attempts to use the given phone .Ar number Ns No (s). .Pp In server mode .Pq Fl direct , .Nm will insist that the client uses one of these numbers, unless .Dq \&* is used in which case the client is expected to specify the number. .Pp In client mode, .Nm will attempt to use one of the given numbers (whichever it finds to be agreeable with the peer), or if .Dq \&* is specified, .Nm will expect the peer to specify the number. .It set cd Oo .No off| Ns Ar seconds Ns Op !\& .Oc Normally, .Nm checks for the existence of carrier depending on the type of device that has been opened: .Bl -tag -width XXX -offset XXX .It Terminal Devices Carrier is checked one second after the login script is complete. If it is not set, .Nm assumes that this is because the device does not support carrier (which is true for most .Dq laplink NULL-modem cables), logs the fact and stops checking for carrier. .Pp As ptys do not support the TIOCMGET ioctl, the tty device will switch all carrier detection off when it detects that the device is a pty. .It PPPoE (netgraph) Devices Carrier is checked once per second for 5 seconds. If it is not set after the fifth second, the connection attempt is considered to have failed and the device is closed. Carrier is always required for PPPoE devices. .El .Pp All other device types do not support carrier. Setting a carrier value will result in a warning when the device is opened. .Pp Some modems take more than one second after connecting to assert the carrier signal. If this delay is not increased, this will result in .Nm Ns No 's inability to detect when the link is dropped, as .Nm assumes that the device is not asserting carrier. .Pp The .Dq set cd command overrides the default carrier behaviour. .Ar seconds specifies the maximum number of seconds that .Nm should wait after the dial script has finished before deciding if carrier is available or not. .Pp If .Dq off is specified, .Nm will not check for carrier on the device, otherwise .Nm will not proceed to the login script until either carrier is detected or until .Ar seconds has elapsed, at which point .Nm assumes that the device will not set carrier. .Pp If no arguments are given, carrier settings will go back to their default values. .Pp If .Ar seconds is followed immediately by an exclamation mark .Pq Dq !\& , .Nm will .Em require carrier. If carrier is not detected after .Ar seconds seconds, the link will be disconnected. .It set choked Op Ar timeout This sets the number of seconds that .Nm will keep a choked output queue before dropping all pending output packets. If .Ar timeout is less than or equal to zero or if .Ar timeout is not specified, it is set to the default value of .Em 120 seconds . .Pp A choked output queue occurs when .Nm has read a certain number of packets from the local network for transmission, but cannot send the data due to link failure (the peer is busy etc.). .Nm will not read packets indefinitely. Instead, it reads up to .Em 30 packets (or .Em 30 No + .Em nlinks No * .Em 2 packets in multi-link mode), then stops reading the network interface until either .Ar timeout seconds have passed or at least one packet has been sent. .Pp If .Ar timeout seconds pass, all pending output packets are dropped. .It set ctsrts|crtscts on|off This sets hardware flow control. Hardware flow control is .Ar on by default. .It set deflate Ar out-winsize Op Ar in-winsize This sets the DEFLATE algorithms default outgoing and incoming window sizes. Both .Ar out-winsize and .Ar in-winsize must be values between .Em 8 and .Em 15 . If .Ar in-winsize is specified, .Nm will insist that this window size is used and will not accept any other values from the peer. .It set dns Op Ar primary Op Ar secondary This command specifies DNS overrides for the .Dq accept dns command. Refer to the .Dq accept command description above for details. This command does not affect the IP numbers requested using .Dq enable dns . .It set device|line Xo .Ar value Ns No ... .Xc This sets the device(s) to which .Nm will talk to the given .Dq value . .Pp All serial device names are expected to begin with .Pa /dev/ . Serial devices are usually called .Pa cuaXX . .Pp If .Dq value does not begin with .Pa /dev/ , it must either begin with an exclamation mark .Pq Dq !\& , be of the format .No PPPoE: Ns Ar iface Ns Xo .Op \&: Ns Ar provider Ns .Xc (on .Xr netgraph 4 enabled systems), or be of the format .Sm off .Ar host : port Op /tcp|udp . .Sm on .Pp If it begins with an exclamation mark, the rest of the device name is treated as a program name, and that program is executed when the device is opened. Standard input, output and error are fed back to .Nm and are read and written as if they were a regular device. .Pp If a .No PPPoE: Ns Ar iface Ns Xo .Op \&: Ns Ar provider Ns .Xc specification is given, .Nm will attempt to create a .Em PPP over Ethernet connection using the given .Ar iface interface by using .Xr netgraph 4 . If .Xr netgraph 4 is not available, .Nm will attempt to load it using .Xr kldload 2 . If this fails, an external program must be used such as the .Xr pppoed 8 program available under .Ox . The given .Ar provider is passed as the service name in the PPPoE Discovery Initiation (PADI) packet. If no provider is given, an empty value will be used. .Pp When a PPPoE connection is established, .Nm will place the name of the Access Concentrator in the environment variable .Ev ACNAME . .Pp Refer to .Xr netgraph 4 and .Xr ng_pppoe 4 for further details. .Pp If a .Ar host Ns No : Ns Ar port Ns Oo .No /tcp|udp .Oc specification is given, .Nm will attempt to connect to the given .Ar host on the given .Ar port . If a .Dq /tcp or .Dq /udp suffix is not provided, the default is .Dq /tcp . Refer to the section on .Em PPP OVER TCP and UDP above for further details. .Pp If multiple .Dq values are specified, .Nm will attempt to open each one in turn until it succeeds or runs out of devices. .It set dial Ar chat-script This specifies the chat script that will be used to dial the other side. See also the .Dq set login command below. Refer to .Xr chat 8 and to the example configuration files for details of the chat script format. It is possible to specify some special .Sq values in your chat script as follows: .Bl -tag -width 2n .It Li \ec When used as the last character in a .Sq send string, this indicates that a newline should not be appended. .It Li \ed When the chat script encounters this sequence, it delays two seconds. .It Li \ep When the chat script encounters this sequence, it delays for one quarter of a second. .It Li \en This is replaced with a newline character. .It Li \er This is replaced with a carriage return character. .It Li \es This is replaced with a space character. .It Li \et This is replaced with a tab character. .It Li \eT This is replaced by the current phone number (see .Dq set phone below). .It Li \eP This is replaced by the current .Ar authkey value (see .Dq set authkey above). .It Li \eU This is replaced by the current .Ar authname value (see .Dq set authname above). .El .Pp Note that two parsers will examine these escape sequences, so in order to have the .Sq chat parser see the escape character, it is necessary to escape it from the .Sq command parser . This means that in practice you should use two escapes, for example: .Bd -literal -offset indent set dial "... ATDT\\\\T CONNECT" .Ed .Pp It is also possible to execute external commands from the chat script. To do this, the first character of the expect or send string is an exclamation mark .Pq Dq !\& . If a literal exclamation mark is required, double it up to .Dq !!\& and it will be treated as a single literal .Dq !\& . When the command is executed, standard input and standard output are directed to the open device (see the .Dq set device command), and standard error is read by .Nm and substituted as the expect or send string. If .Nm is running in interactive mode, file descriptor 3 is attached to .Pa /dev/tty . .Pp For example (wrapped for readability): .Bd -literal -offset indent set login "TIMEOUT 5 \\"\\" \\"\\" login:--login: ppp \e word: ppp \\"!sh \\\\-c \\\\\\"echo \\\\-n label: >&2\\\\\\"\\" \e \\"!/bin/echo in\\" HELLO" .Ed .Pp would result in the following chat sequence (output using the .Sq set log local chat command before dialing): .Bd -literal -offset indent Dial attempt 1 of 1 dial OK! Chat: Expecting: Chat: Sending: Chat: Expecting: login:--login: Chat: Wait for (5): login: Chat: Sending: ppp Chat: Expecting: word: Chat: Wait for (5): word: Chat: Sending: ppp Chat: Expecting: !sh \\-c "echo \\-n label: >&2" Chat: Exec: sh -c "echo -n label: >&2" Chat: Wait for (5): !sh \\-c "echo \\-n label: >&2" --> label: Chat: Exec: /bin/echo in Chat: Sending: Chat: Expecting: HELLO Chat: Wait for (5): HELLO login OK! .Ed .Pp Note (again) the use of the escape character, allowing many levels of nesting. Here, there are four parsers at work. The first parses the original line, reading it as three arguments. The second parses the third argument, reading it as 11 arguments. At this point, it is important that the .Dq \&- signs are escaped, otherwise this parser will see them as constituting an expect-send-expect sequence. When the .Dq !\& character is seen, the execution parser reads the first command as three arguments, and then .Xr sh 1 itself expands the argument after the .Fl c . As we wish to send the output back to the modem, in the first example we redirect our output to file descriptor 2 (stderr) so that .Nm itself sends and logs it, and in the second example, we just output to stdout, which is attached directly to the modem. .Pp This, of course means that it is possible to execute an entirely external .Dq chat command rather than using the internal one. See .Xr chat 8 for a good alternative. .Pp The external command that is executed is subjected to the same special word expansions as the .Dq !bg command. .It set enddisc Op label|IP|MAC|magic|psn value This command sets our local endpoint discriminator. If set prior to LCP negotiation, and if no .Dq disable enddisc command has been used, .Nm will send the information to the peer using the LCP endpoint discriminator option. The following discriminators may be set: .Bl -tag -width indent .It Li label The current label is used. .It Li IP Our local IP number is used. As LCP is negotiated prior to IPCP, it is possible that the IPCP layer will subsequently change this value. If it does, the endpoint discriminator stays at the old value unless manually reset. .It Li MAC This is similar to the .Ar IP option above, except that the MAC address associated with the local IP number is used. If the local IP number is not resident on any Ethernet interface, the command will fail. .Pp As the local IP number defaults to whatever the machine host name is, .Dq set enddisc mac is usually done prior to any .Dq set ifaddr commands. .It Li magic A 20 digit random number is used. Care should be taken when using magic numbers as restarting .Nm or creating a link using a different .Nm invocation will also use a different magic number and will therefore not be recognised by the peer as belonging to the same bundle. This makes it unsuitable for .Fl direct connections. .It Li psn Ar value The given .Ar value is used. .Ar Value should be set to an absolute public switched network number with the country code first. .El .Pp If no arguments are given, the endpoint discriminator is reset. .It set escape Ar value... This option is similar to the .Dq set accmap option above. It allows the user to specify a set of characters that will be .Sq escaped as they travel across the link. .It set filter dial|alive|in|out Ar rule-no Xo .No permit|deny|clear| Ns Ar rule-no .Op !\& .Oo Op host .Ar src_addr Ns Op / Ns Ar width .Op Ar dst_addr Ns Op / Ns Ar width .Oc [ Ns Ar proto .Op src lt|eq|gt Ar port .Op dst lt|eq|gt Ar port .Op estab .Op syn .Op finrst .Op timeout Ar secs ] .Xc .Nm supports four filter sets. The .Em alive filter specifies packets that keep the connection alive - resetting the idle timer. The .Em dial filter specifies packets that cause .Nm to dial when in .Fl auto mode. The .Em in filter specifies packets that are allowed to travel into the machine and the .Em out filter specifies packets that are allowed out of the machine. .Pp Filtering is done prior to any IP alterations that might be done by the NAT engine on outgoing packets and after any IP alterations that might be done by the NAT engine on incoming packets. By default all empty filter sets allow all packets to pass. Rules are processed in order according to .Ar rule-no (unless skipped by specifying a rule number as the .Ar action ) . Up to 40 rules may be given for each set. If a packet does not match any of the rules in a given set, it is discarded. In the case of .Em in and .Em out filters, this means that the packet is dropped. In the case of .Em alive filters it means that the packet will not reset the idle timer (even if the .Ar in Ns No / Ns Ar out filter has a .Dq timeout value) and in the case of .Em dial filters it means that the packet will not trigger a dial. A packet failing to trigger a dial will be dropped rather than queued. Refer to the section on .Sx PACKET FILTERING above for further details. .It set hangup Ar chat-script This specifies the chat script that will be used to reset the device before it is closed. It should not normally be necessary, but can be used for devices that fail to reset themselves properly on close. .It set help|? Op Ar command This command gives a summary of available set commands, or if .Ar command is specified, the command usage is shown. .It set ifaddr Oo Ar myaddr Ns .Op / Ns Ar \&nn .Oo Ar hisaddr Ns Op / Ns Ar \&nn .Oo Ar netmask .Op Ar triggeraddr .Oc Oc .Oc This command specifies the IP addresses that will be used during IPCP negotiation. Addresses are specified using the format .Pp .Dl a.b.c.d/nn .Pp Where .Dq a.b.c.d is the preferred IP, but .Ar nn specifies how many bits of the address we will insist on. If .No / Ns Ar nn is omitted, it defaults to .Dq /32 unless the IP address is 0.0.0.0 in which case it defaults to .Dq /0 . .Pp If you wish to assign a dynamic IP number to the peer, .Ar hisaddr may also be specified as a range of IP numbers in the format .Bd -ragged -offset indent .Ar \&IP Ns Oo \&- Ns Ar \&IP Ns Oc Ns Oo , Ns Ar \&IP Ns .Oo \&- Ns Ar \&IP Ns Oc Oc Ns ... .Ed .Pp for example: .Pp .Dl set ifaddr 10.0.0.1 10.0.1.2-10.0.1.10,10.0.1.20 .Pp will only negotiate .Dq 10.0.0.1 as the local IP number, but may assign any of the given 10 IP numbers to the peer. If the peer requests one of these numbers, and that number is not already in use, .Nm will grant the peers request. This is useful if the peer wants to re-establish a link using the same IP number as was previously allocated (thus maintaining any existing tcp or udp connections). .Pp If the peer requests an IP number that is either outside of this range or is already in use, .Nm will suggest a random unused IP number from the range. .Pp If .Ar triggeraddr is specified, it is used in place of .Ar myaddr in the initial IPCP negotiation. However, only an address in the .Ar myaddr range will be accepted. This is useful when negotiating with some .Dv PPP implementations that will not assign an IP number unless their peer requests .Dq 0.0.0.0 . .Pp It should be noted that in .Fl auto mode, .Nm will configure the interface immediately upon reading the .Dq set ifaddr line in the config file. In any other mode, these values are just used for IPCP negotiations, and the interface is not configured until the IPCP layer is up. .Pp Note that the .Ar HISADDR argument may be overridden by the third field in the .Pa ppp.secret file once the client has authenticated itself (if PAP or CHAP are .Dq enabled ) . Refer to the .Sx AUTHENTICATING INCOMING CONNECTIONS section for details. .Pp In all cases, if the interface is already configured, .Nm will try to maintain the interface IP numbers so that any existing bound sockets will remain valid. .It set ifqueue Ar packets Set the maximum number of packets that .Nm will read from the tunnel interface while data cannot be sent to any of the available links. This queue limit is necessary to flow control outgoing data as the tunnel interface is likely to be far faster than the combined links available to .Nm . .Pp If .Ar packets is set to a value less than the number of links, .Nm will read up to that value regardless. This prevents any possible latency problems. .Pp The default value for .Ar packets is .Dq 30 . .It set ccpretry|ccpretries Oo Ar timeout .Op Ar reqtries Op Ar trmtries .Oc .It set chapretry|chapretries Oo Ar timeout .Op Ar reqtries .Oc .It set ipcpretry|ipcpretries Oo Ar timeout .Op Ar reqtries Op Ar trmtries .Oc .It set ipv6cpretry|ipv6cpretries Oo Ar timeout .Op Ar reqtries Op Ar trmtries .Oc .It set lcpretry|lcpretries Oo Ar timeout .Op Ar reqtries Op Ar trmtries .Oc .It set papretry|papretries Oo Ar timeout .Op Ar reqtries .Oc These commands set the number of seconds that .Nm will wait before resending Finite State Machine (FSM) Request packets. The default .Ar timeout for all FSMs is 3 seconds (which should suffice in most cases). .Pp If .Ar reqtries is specified, it tells .Nm how many configuration request attempts it should make while receiving no reply from the peer before giving up. The default is 5 attempts for CCP, LCP and IPCP and 3 attempts for PAP and CHAP. .Pp If .Ar trmtries is specified, it tells .Nm how many terminate requests should be sent before giving up waiting for the peers response. The default is 3 attempts. Authentication protocols are not terminated and it is therefore invalid to specify .Ar trmtries for PAP or CHAP. .Pp In order to avoid negotiations with the peer that will never converge, .Nm will only send at most 3 times the configured number of .Ar reqtries in any given negotiation session before giving up and closing that layer. .It set log Xo .Op local .Op +|- Ns .Ar value Ns No ... .Xc This command allows the adjustment of the current log level. Refer to the Logging Facility section for further details. .It set login Ar chat-script This .Ar chat-script compliments the dial-script. If both are specified, the login script will be executed after the dial script. Escape sequences available in the dial script are also available here. .It set logout Ar chat-script This specifies the chat script that will be used to logout before the hangup script is called. It should not normally be necessary. .It set lqrperiod|echoperiod Ar frequency This command sets the .Ar frequency in seconds at which .Em LQR or .Em LCP ECHO packets are sent. The default is 30 seconds. You must also use the .Dq enable lqr and/or .Dq enable echo commands if you wish to send .Em LQR or .Em LCP ECHO requests to the peer. .It set mode Ar interactive|auto|ddial|background This command allows you to change the .Sq mode of the specified link. This is normally only useful in multi-link mode, but may also be used in uni-link mode. .Pp It is not possible to change a link that is .Sq direct or .Sq dedicated . .Pp Note: If you issue the command .Dq set mode auto , and have network address translation enabled, it may be useful to .Dq enable iface-alias afterwards. This will allow .Nm to do the necessary address translations to enable the process that triggers the connection to connect once the link is up despite the peer assigning us a new (dynamic) IP address. .It set mppe Op 40|56|128|* Op stateless|stateful|* This option selects the encryption parameters used when negotiation MPPE. MPPE can be disabled entirely with the .Dq disable mppe command. If no arguments are given, .Nm will attempt to negotiate a stateful link with a 128 bit key, but will agree to whatever the peer requests (including no encryption at all). .Pp If any arguments are given, .Nm will .Em insist on using MPPE and will close the link if it is rejected by the peer (Note; this behaviour can be overridden by a configured RADIUS server). .Pp The first argument specifies the number of bits that .Nm should insist on during negotiations and the second specifies whether .Nm should insist on stateful or stateless mode. In stateless mode, the encryption dictionary is re-initialised with every packet according to an encryption key that is changed with every packet. In stateful mode, the encryption dictionary is re-initialised every 256 packets or after the loss of any data and the key is changed every 256 packets. Stateless mode is less efficient but is better for unreliable transport layers. .It set mrru Op Ar value Setting this option enables Multi-link PPP negotiations, also known as Multi-link Protocol or MP. There is no default MRRU (Maximum Reconstructed Receive Unit) value. If no argument is given, multi-link mode is disabled. .It set mru Xo .Op max Ns Op imum .Op Ar value .Xc The default MRU (Maximum Receive Unit) is 1500. If it is increased, the other side *may* increase its MTU. In theory there is no point in decreasing the MRU to below the default as the .Em PPP protocol says implementations *must* be able to accept packets of at least 1500 octets. .Pp If the .Dq maximum keyword is used, .Nm will refuse to negotiate a higher value. The maximum MRU can be set to 2048 at most. Setting a maximum of less than 1500 violates the .Em PPP rfc, but may sometimes be necessary. For example, .Em PPPoE imposes a maximum of 1492 due to hardware limitations. .Pp If no argument is given, 1500 is assumed. A value must be given when .Dq maximum is specified. .It set mtu Xo .Op max Ns Op imum .Op Ar value .Xc The default MTU is 1500. At negotiation time, .Nm will accept whatever MRU the peer requests (assuming it is not less than 296 bytes or greater than the assigned maximum). If the MTU is set, .Nm will not accept MRU values less than .Ar value . When negotiations are complete, the MTU is used when writing to the interface, even if the peer requested a higher value MRU. This can be useful for limiting your packet size (giving better bandwidth sharing at the expense of more header data). .Pp If the .Dq maximum keyword is used, .Nm will refuse to negotiate a higher value. The maximum MTU can be set to 2048 at most. Note, it is necessary to use the .Dq maximum keyword to limit the MTU when using PPPoE. .Pp If no .Ar value is given, 1500, or whatever the peer asks for is used. A value must be given when .Dq maximum is specified. .It set nbns Op Ar x.x.x.x Op Ar y.y.y.y This option allows the setting of the Microsoft NetBIOS name server values to be returned at the peers request. If no values are given, .Nm will reject any such requests. .It set openmode active|passive Op Ar delay By default, .Ar openmode is always .Ar active with a one second .Ar delay . That is, .Nm will always initiate LCP/IPCP/CCP negotiation one second after the line comes up. If you want to wait for the peer to initiate negotiations, you can use the value .Ar passive . If you want to initiate negotiations immediately or after more than one second, the appropriate .Ar delay may be specified here in seconds. .It set parity odd|even|none|mark This allows the line parity to be set. The default value is .Ar none . .It set phone Ar telno Ns Xo .Oo \&| Ns Ar backupnumber Oc Ns ... Ns Oo : Ns Ar nextnumber Oc Ns ... Xc This allows the specification of the phone number to be used in place of the \\\\T string in the dial and login chat scripts. Multiple phone numbers may be given separated either by a pipe .Pq Dq \&| or a colon .Pq Dq \&: . .Pp Numbers after the pipe are only dialed if the dial or login script for the previous number failed. .Pp Numbers after the colon are tried sequentially, irrespective of the reason the line was dropped. .Pp If multiple numbers are given, .Nm will dial them according to these rules until a connection is made, retrying the maximum number of times specified by .Dq set redial below. In .Fl background mode, each number is attempted at most once. .It set pppoe Op standard|3Com This option configures the underlying .Xr ng_pppoe 4 node to either standard RFC2516 PPPoE or proprietary 3Com mode. If not set the system default will be used. .It set Oo proc Oc Ns Xo .No title Op Ar value .Xc The current process title as displayed by .Xr ps 1 is changed according to .Ar value . If .Ar value is not specified, the original process title is restored. All the word replacements done by the shell commands (see the .Dq bg command above) are done here too. .Pp Note, if USER is required in the process title, the .Dq set proctitle command must appear in .Pa ppp.linkup , as it is not known when the commands in .Pa ppp.conf are executed. .It set radius Op Ar config-file This command enables RADIUS support (if it is compiled in). .Ar config-file refers to the radius client configuration file as described in .Xr radius.conf 5 . If PAP, CHAP, MSCHAP or MSCHAPv2 are .Dq enable Ns No d , .Nm behaves as a .Em \&N Ns No etwork .Em \&A Ns No ccess .Em \&S Ns No erver and uses the configured RADIUS server to authenticate rather than authenticating from the .Pa ppp.secret file or from the passwd database. .Pp If none of PAP, CHAP, MSCHAP or MSCHAPv2 are enabled, .Dq set radius will do nothing. .Pp .Nm uses the following attributes from the RADIUS reply: .Bl -tag -width XXX -offset XXX .It RAD_FRAMED_IP_ADDRESS The peer IP address is set to the given value. .It RAD_FRAMED_IP_NETMASK The tun interface netmask is set to the given value. .It RAD_FRAMED_MTU If the given MTU is less than the peers MRU as agreed during LCP negotiation, *and* it is less that any configured MTU (see the .Dq set mru command), the tun interface MTU is set to the given value. .It RAD_FRAMED_COMPRESSION If the received compression type is .Dq 1 , .Nm will request VJ compression during IPCP negotiations despite any .Dq disable vj configuration command. .It RAD_FILTER_ID If this attribute is supplied, .Nm will attempt to use it as an additional label to load from the .Pa ppp.linkup and .Pa ppp.linkdown files. The load will be attempted before (and in addition to) the normal label search. If the label does not exist, no action is taken and .Nm proceeds to the normal load using the current label. .It RAD_FRAMED_ROUTE The received string is expected to be in the format .Ar dest Ns Op / Ns Ar bits .Ar gw .Op Ar metrics . Any specified metrics are ignored. .Dv MYADDR and .Dv HISADDR are understood as valid values for .Ar dest and .Ar gw , .Dq default can be used for .Ar dest to sepcify the default route, and .Dq 0.0.0.0 is understood to be the same as .Dq default for .Ar dest and .Dv HISADDR for .Ar gw . .Pp For example, a returned value of .Dq 1.2.3.4/24 0.0.0.0 1 2 -1 3 400 would result in a routing table entry to the 1.2.3.0/24 network via .Dv HISADDR and a returned value of .Dq 0.0.0.0 0.0.0.0 or .Dq default HISADDR would result in a default route to .Dv HISADDR . .Pp All RADIUS routes are applied after any sticky routes are applied, making RADIUS routes override configured routes. This also applies for RADIUS routes that do not {include} the .Dv MYADDR or .Dv HISADDR keywords. .Pp .It RAD_FRAMED_IPV6_PREFIX If this attribute is supplied, the value is substituted for IPV6PREFIX in a command. You may pass it to an upper layer protocol such as DHCPv6 for delegating an IPv6 prefix to a peer. .It RAD_FRAMED_IPV6_ROUTE The received string is expected to be in the format .Ar dest Ns Op / Ns Ar bits .Ar gw .Op Ar metrics . Any specified metrics are ignored. .Dv MYADDR6 and .Dv HISADDR6 are understood as valid values for .Ar dest and .Ar gw , .Dq default can be used for .Ar dest to sepcify the default route, and .Dq :: is understood to be the same as .Dq default for .Ar dest and .Dv HISADDR6 for .Ar gw . .Pp For example, a returned value of .Dq 3ffe:505:abcd::/48 :: would result in a routing table entry to the 3ffe:505:abcd::/48 network via .Dv HISADDR6 and a returned value of .Dq :: :: or .Dq default HISADDR6 would result in a default route to .Dv HISADDR6 . .Pp All RADIUS IPv6 routes are applied after any sticky routes are applied, making RADIUS IPv6 routes override configured routes. This also applies for RADIUS IPv6 routes that do not {include} the .Dv MYADDR6 or .Dv HISADDR6 keywords. .Pp .It RAD_SESSION_TIMEOUT If supplied, the client connection is closed after the given number of seconds. .It RAD_REPLY_MESSAGE If supplied, this message is passed back to the peer as the authentication SUCCESS text. .It RAD_MICROSOFT_MS_CHAP_ERROR If this .Dv RAD_VENDOR_MICROSOFT vendor specific attribute is supplied, it is passed back to the peer as the authentication FAILURE text. .It RAD_MICROSOFT_MS_CHAP2_SUCCESS If this .Dv RAD_VENDOR_MICROSOFT vendor specific attribute is supplied and if MS-CHAPv2 authentication is being used, it is passed back to the peer as the authentication SUCCESS text. .It RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY If this .Dv RAD_VENDOR_MICROSOFT vendor specific attribute is supplied and has a value of 2 (Required), .Nm will insist that MPPE encryption is used (even if no .Dq set mppe configuration command has been given with arguments). If it is supplied with a value of 1 (Allowed), encryption is made optional (despite any .Dq set mppe configuration commands with arguments). .It RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES If this .Dv RAD_VENDOR_MICROSOFT vendor specific attribute is supplied, bits 1 and 2 are examined. If either or both are set, 40 bit and/or 128 bit (respectively) encryption options are set, overriding any given first argument to the .Dq set mppe command. Note, it is not currently possible for the RADIUS server to specify 56 bit encryption. .It RAD_MICROSOFT_MS_MPPE_RECV_KEY If this .Dv RAD_VENDOR_MICROSOFT vendor specific attribute is supplied, it is value is used as the master key for decryption of incoming data. When clients are authenticated using MSCHAPv2, the RADIUS server MUST provide this attribute if inbound MPPE is to function. .It RAD_MICROSOFT_MS_MPPE_SEND_KEY If this .Dv RAD_VENDOR_MICROSOFT vendor specific attribute is supplied, it is value is used as the master key for encryption of outgoing data. When clients are authenticated using MSCHAPv2, the RADIUS server MUST provide this attribute if outbound MPPE is to function. .El .Pp Values received from the RADIUS server may be viewed using .Dq show bundle . .It set rad_alive Ar timeout When RADIUS is configured, setting .Dq rad_alive to a non-zero .Ar timeout value will tell .Nm to sent RADIUS accounting information to the RADIUS server every .Ar timeout seconds. .It set rad_port_id Ar option When RADIUS is configured, setting the .Dq rad_port_id value allows to specify what should be sent to the RADIUS server as NAS-Port-Id. The .Ar option Ns No s are as follows: .Bl -tag -width Ds .It pid PID of the corresponding tunnel. .It tunnum .Xr tun 4 interface number. .It ifnum index of the interface as returned by .Xr if_nametoindex 3 . .It default keeps the default behavior. .El .It set reconnect Ar timeout ntries Should the line drop unexpectedly (due to loss of CD or LQR failure), a connection will be re-established after the given .Ar timeout . The line will be re-connected at most .Ar ntries times. .Ar Ntries defaults to zero. A value of .Ar random for .Ar timeout will result in a variable pause, somewhere between 1 and 30 seconds. .It set recvpipe Op Ar value This sets the routing table RECVPIPE value. The optimum value is just over twice the MTU value. If .Ar value is unspecified or zero, the default kernel controlled value is used. .It set redial Ar secs Ns Xo .Oo + Ns Ar inc Ns .Oo - Ns Ar max Ns Oc Oc Ns .Op . Ns Ar next .Op Ar attempts .Xc .Nm can be instructed to attempt to redial .Ar attempts times. If more than one phone number is specified (see .Dq set phone above), a pause of .Ar next is taken before dialing each number. A pause of .Ar secs is taken before starting at the first number again. A literal value of .Dq Li random may be used here in place of .Ar secs and .Ar next , causing a random delay of between 1 and 30 seconds. .Pp If .Ar inc is specified, its value is added onto .Ar secs each time .Nm tries a new number. .Ar secs will only be incremented at most .Ar max times. .Ar max defaults to 10. .Pp Note, the .Ar secs delay will be effective, even after .Ar attempts has been exceeded, so an immediate manual dial may appear to have done nothing. If an immediate dial is required, a .Dq !\& should immediately follow the .Dq open keyword. See the .Dq open description above for further details. .It set sendpipe Op Ar value This sets the routing table SENDPIPE value. The optimum value is just over twice the MTU value. If .Ar value is unspecified or zero, the default kernel controlled value is used. .It "set server|socket" Ar TcpPort Ns No \&| Ns Xo .Ar LocalName Ns No |none|open|closed .Op password Op Ar mask .Xc This command tells .Nm to listen on the given socket or .Sq diagnostic port for incoming command connections. .Pp The word .Dq none instructs .Nm to close any existing socket and clear the socket configuration. The word .Dq open instructs .Nm to attempt to re-open the port. The word .Dq closed instructs .Nm to close the open port. .Pp If you wish to specify a local domain socket, .Ar LocalName must be specified as an absolute file name, otherwise it is assumed to be the name or number of a TCP port. You may specify the octal umask to be used with a local domain socket. Refer to .Xr umask 2 for umask details. Refer to .Xr services 5 for details of how to translate TCP port names. .Pp You must also specify the password that must be entered by the client (using the .Dq passwd variable above) when connecting to this socket. If the password is specified as an empty string, no password is required for connecting clients. .Pp When specifying a local domain socket, the first .Dq %d sequence found in the socket name will be replaced with the current interface unit number. This is useful when you wish to use the same profile for more than one connection. .Pp In a similar manner TCP sockets may be prefixed with the .Dq + character, in which case the current interface unit number is added to the port number. .Pp When using .Nm with a server socket, the .Xr pppctl 8 command is the preferred mechanism of communications. Currently, .Xr telnet 1 can also be used, but link encryption may be implemented in the future, so .Xr telnet 1 should be avoided. .Pp Note; .Dv SIGUSR1 and .Dv SIGUSR2 interact with the diagnostic socket. .It set speed Ar value This sets the speed of the serial device. If speed is specified as .Dq sync , .Nm treats the device as a synchronous device. .Pp Certain device types will know whether they should be specified as synchronous or asynchronous. These devices will override incorrect settings and log a warning to this effect. .It set stopped Op Ar LCPseconds Op Ar CCPseconds If this option is set, .Nm will time out after the given FSM (Finite State Machine) has been in the stopped state for the given number of .Dq seconds . This option may be useful if the peer sends a terminate request, but never actually closes the connection despite our sending a terminate acknowledgement. This is also useful if you wish to .Dq set openmode passive and time out if the peer does not send a Configure Request within the given time. Use .Dq set log +lcp +ccp to make .Nm log the appropriate state transitions. .Pp The default value is zero, where .Nm does not time out in the stopped state. .Pp This value should not be set to less than the openmode delay (see .Dq set openmode above). .It set timeout Ar idleseconds Op Ar mintimeout This command allows the setting of the idle timer. Refer to the section titled .Sx SETTING THE IDLE TIMER for further details. .Pp If .Ar mintimeout is specified, .Nm will never idle out before the link has been up for at least that number of seconds. .It set urgent Xo .Op tcp|udp|none .Oo Op +|- Ns .Ar port .Oc No ... .Xc This command controls the ports that .Nm prioritizes when transmitting data. The default priority TCP ports are ports 21 (ftp control), 22 (ssh), 23 (telnet), 513 (login), 514 (shell), 543 (klogin) and 544 (kshell). There are no priority UDP ports by default. See .Xr services 5 for details. .Pp If neither .Dq tcp or .Dq udp are specified, .Dq tcp is assumed. .Pp If no .Ar port Ns No s are given, the priority port lists are cleared (although if .Dq tcp or .Dq udp is specified, only that list is cleared). If the first .Ar port argument is prefixed with a plus .Pq Dq \&+ or a minus .Pq Dq \&- , the current list is adjusted, otherwise the list is reassigned. .Ar port Ns No s prefixed with a plus or not prefixed at all are added to the list and .Ar port Ns No s prefixed with a minus are removed from the list. .Pp If .Dq none is specified, all priority port lists are disabled and even .Dv IPTOS_LOWDELAY packets are not prioritised. .It set vj slotcomp on|off This command tells .Nm whether it should attempt to negotiate VJ slot compression. By default, slot compression is turned .Ar on . .It set vj slots Ar nslots This command sets the initial number of slots that .Nm will try to negotiate with the peer when VJ compression is enabled (see the .Sq enable command above). It defaults to a value of 16. .Ar Nslots must be between .Ar 4 and .Ar 16 inclusive. .El .Pp .It shell|! Op Ar command If .Ar command is not specified a shell is invoked according to the .Dv SHELL environment variable. Otherwise, the given .Ar command is executed. Word replacement is done in the same way as for the .Dq !bg command as described above. .Pp Use of the !\& character requires a following space as with any of the other commands. You should note that this command is executed in the foreground; .Nm will not continue running until this process has exited. Use the .Dv bg command if you wish processing to happen in the background. .It show Ar var This command allows the user to examine the following: .Bl -tag -width 2n .It show bundle Show the current bundle settings. .It show ccp Show the current CCP compression statistics. .It show compress Show the current VJ compression statistics. .It show escape Show the current escape characters. .It show filter Op Ar name List the current rules for the given filter. If .Ar name is not specified, all filters are shown. .It show hdlc Show the current HDLC statistics. .It show help|? Give a summary of available show commands. .It show iface Show the current interface information (the same as .Dq iface show ) . .It show ipcp Show the current IPCP statistics. .It show layers Show the protocol layers currently in use. .It show lcp Show the current LCP statistics. .It show Oo data Oc Ns Xo .No link .Xc Show high level link information. .It show links Show a list of available logical links. .It show log Show the current log values. .It show mem Show current memory statistics. .It show ncp Show the current NCP statistics. .It show physical Show low level link information. .It show mp Show Multi-link information. .It show proto Show current protocol totals. .It show route Show the current routing tables. .It show stopped Show the current stopped timeouts. .It show timer Show the active alarm timers. .It show version Show the current version number of .Nm . .El .Pp .It term Go into terminal mode. Characters typed at the keyboard are sent to the device. Characters read from the device are displayed on the screen. When a remote .Em PPP peer is detected, .Nm automatically enables Packet Mode and goes back into command mode. .El .Sh MORE DETAILS .Bl -bullet .It Read the example configuration files. They are a good source of information. .It Use .Dq help , .Dq nat \&? , .Dq enable \&? , .Dq set ?\& and .Dq show ?\& to get online information about what is available. .It The following URLs contain useful information: .Bl -bullet -compact .It http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/ppp.html .It http://www.FreeBSD.org/doc/handbook/userppp.html .El .Pp .El .Sh FILES .Nm refers to four files: .Pa ppp.conf , .Pa ppp.linkup , .Pa ppp.linkdown and .Pa ppp.secret . These files are placed in the .Pa /etc/ppp directory. .Bl -tag -width 2n .It Pa /etc/ppp/ppp.conf System default configuration file. .It Pa /etc/ppp/ppp.secret An authorisation file for each system. .It Pa /etc/ppp/ppp.linkup A file to check when .Nm establishes a network level connection. .It Pa /etc/ppp/ppp.linkdown A file to check when .Nm closes a network level connection. .It Pa /var/log/ppp.log Logging and debugging information file. Note, this name is specified in .Pa /etc/syslog.conf . See .Xr syslog.conf 5 for further details. .It Pa /var/spool/lock/LCK..* tty port locking file. Refer to .Xr uucplock 3 for further details. .It Pa /var/run/tunN.pid The process id (pid) of the .Nm program connected to the tunN device, where .Sq N is the number of the device. .It Pa /var/run/ttyXX.if The tun interface used by this port. Again, this file is only created in .Fl background , .Fl auto and .Fl ddial modes. .It Pa /etc/services Get port number if port number is using service name. .It Pa /var/run/ppp-authname-class-value In multi-link mode, local domain sockets are created using the peer authentication name .Pq Sq authname , the peer endpoint discriminator class .Pq Sq class and the peer endpoint discriminator value .Pq Sq value . As the endpoint discriminator value may be a binary value, it is turned to HEX to determine the actual file name. .Pp This socket is used to pass links between different instances of .Nm . .El .Sh SEE ALSO .Xr at 1 , .Xr ftp 1 , .Xr gzip 1 , .Xr hostname 1 , .Xr login 1 , .Xr tcpdump 1 , .Xr telnet 1 , .Xr kldload 2 , .Xr pipe 2 , .Xr socketpair 2 , ifdef({LOCALNAT},{},{.Xr libalias 3 , })dnl ifdef({LOCALRAD},{},{.Xr libradius 3 , })dnl .Xr syslog 3 , .Xr uucplock 3 , .Xr netgraph 4 , .Xr ng_pppoe 4 , .Xr crontab 5 , .Xr group 5 , .Xr passwd 5 , .Xr protocols 5 , .Xr radius.conf 5 , .Xr resolv.conf 5 , .Xr syslog.conf 5 , .Xr adduser 8 , .Xr chat 8 , .Xr getty 8 , .Xr inetd 8 , .Xr init 8 , .Xr named 8 , .Xr ping 8 , .Xr pppctl 8 , .Xr pppoed 8 , .Xr route 8 , .Xr sshd 8 , .Xr syslogd 8 , .Xr traceroute 8 , .Xr vipw 8 .Sh HISTORY This program was originally written by .An Toshiharu OHNO Aq tony-o@iij.ad.jp , and was submitted to .Fx 2.0.5 by .An Atsushi Murai Aq amurai@spec.co.jp . .Pp It was substantially modified during 1997 by .An Brian Somers Aq brian@Awfulhak.org , and was ported to .Ox in November that year (just after the 2.2 release). .Pp Most of the code was rewritten by .An Brian Somers in early 1998 when multi-link ppp support was added.