$NetBSD: patch-ah,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $ Index: pppd/pppd.8 diff -u pppd/pppd.8:1.1.1.5 pppd/pppd.8:1.25 --- pppd/pppd.8:1.1.1.5 Tue Aug 24 13:25:40 1999 +++ pppd/pppd.8 Tue Aug 24 19:07:45 1999 @@ -45,6 +46,24 @@ 4.4BSD and NetBSD, any speed can be specified. Other systems (e.g. SunOS) allow only a limited set of speeds. .TP +.B active-filter-in \fIfilter-expression +.TP +.B active-filter-out \fIfilter-expression +Specifies an incoming and outgoing packet filter to be applied to data +packets to determine which packets are to be regarded as link activity, +and therefore reset the idle timer, or cause the link to be brought up +in demand-dialling mode. This option is useful in conjunction with the +\fBidle\fR option if there are packets being sent or received +regularly over the link (for example, routing information packets) +which would otherwise prevent the link from ever appearing to be idle. +The \fIfilter-expression\fR syntax is as described for tcpdump(8), +except that qualifiers which are inappropriate for a PPP link, such as +\fBether\fR and \fBarp\fR, are not permitted. Generally the filter +expression should be enclosed in single-quotes to prevent whitespace +in the expression from being interpreted by the shell. This option +is currently only available under NetBSD, and then only +if both the kernel and pppd were compiled with PPP_FILTER defined. +.TP .B asyncmap \fI Set the async character map to . This map describes which control characters cannot be successfully received over the serial @@ -296,8 +315,8 @@ seconds. The link is idle when no data packets (i.e. IP packets) are being sent or received. Note: it is not advisable to use this option with the \fIpersist\fR option without the \fIdemand\fR option. -If the \fBactive-filter\fR -option is given, data packets which are rejected by the specified +If the \fBactive-filter-in\fR and/or \fBactive-filter-out\fR +options are given, data packets which are rejected by the specified activity filter also count as the link being idle. .TP .B ipcp-accept-local @@ -664,23 +683,23 @@ .B pap-timeout \fIn Set the maximum time that pppd will wait for the peer to authenticate itself with PAP to \fIn\fR seconds (0 means no limit). +.TP +.B pass-filter-in \fIfilter-expression .TP -.B pass-filter \fIfilter-expression -Specifies a packet filter to applied to data packets being sent or -received to determine which packets should be allowed to pass. -Packets which are rejected by the filter are silently discarded. This -option can be used to prevent specific network daemons (such as -routed) using up link bandwidth, or to provide a basic firewall +.B pass-filter-out \fIfilter-expression +Specifies an incoming and outgoing packet filter to applied to data +packets being sent or received to determine which packets should be +allowed to pass. Packets which are rejected by the filter are silently +discarded. This option can be used to prevent specific network daemons +(such as routed) using up link bandwidth, or to provide a basic firewall capability. -The \fIfilter-expression\fR syntax is as described for tcpdump(1), +The \fIfilter-expression\fR syntax is as described for tcpdump(8), except that qualifiers which are inappropriate for a PPP link, such as \fBether\fR and \fBarp\fR, are not permitted. Generally the filter expression should be enclosed in single-quotes to prevent whitespace -in the expression from being interpreted by the shell. Note that it -is possible to apply different constraints to incoming and outgoing -packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This -option is currently only available under NetBSD, and then only if both -the kernel and pppd were compiled with PPP_FILTER defined. +in the expression from being interpreted by the shell. This option is +currently only available under NetBSD, and then only if both the kernel +and pppd were compiled with PPP_FILTER defined. .TP .B persist Do not exit after a connection is terminated; instead try to reopen