1pppoed(1M) System Administration Commands pppoed(1M)
2
6 pppoed - PPPoE server daemon
7
9 ppoed [options]
10
13 The pppoed daemon implements the server-side negotiation of PPPoE. When
14 a client requests service from this daemon, a copy of pppd(1M) is
15 invoked to handle the actual PPP communication.
16 At startup, options are read from the command line and the
19 /etc/ppp/pppoe file. After these options have been read, options in the
20 per-device /etc/ppp/pppoe.device files are read, using the device names
21 specified on the command line or in /etc/ppp/pppoe. Device names are
22 not permitted in the per-device files. It is not an error if any of
23 these files are absent; missing files are ignored.
24 Options are reread in the same order on SIGHUP. Except for the possi‐
27 bility of short delays due to the processing time, SIGHUP does not
28 interfere with any client operations. Current status, including options
29 read, is dumped to /tmp/pppoed.pid on SIGINT.
30 The options are used to set up a list of services to be offered to
33 PPPoE clients on the broadcast domains (Ethernet subnets) specified by
34 the named devices. Option parsing is always in one of two modes, either
35 global mode or service mode. The initial mode at the beginning of each
36 file (and the command line) is global mode. Options specified in global
37 mode serve as default values for subsequently defined services. Service
38 mode is entered by the service name option. In this mode, the named
39 option is defined. Options that appear in this mode override any global
40 mode definitions for the current service.
41 The option parsing follows standard shell tokenizing rules, using
44 whitespace to delimit tokens, quotes to enclose strings that can con‐
45 tain whitespace, and escape sequences for special characters. Environ‐
46 ment variables are substituted using familiar $VAR and ${VAR} syntax
47 and set using NEWVAR=string. Variables are both usable in subsequent
48 options and provided to the pppd(1M) processes spawned for each client,
49 but they are interpreted as they are encountered during option process‐
50 ing. Thus, all set variables are seen by all processes spawned; posi‐
51 tion in the configuration files has no effect on this.
52
54 The pppoed daemon supports the following options:
55 client [except] client-list
57 This option restricts the clients that may receive the service. If
59 the except keyword is given, then the clients on the list cannot
60 access the service, but others can. If this keyword is not given,
61 then only the listed clients can access the service.
62 This option can be specified more than once for a given service.
64 For a given client, first match among all listed options encoun‐
65 tered specifies the handling. If it matches an option with except
66 specified, then access is denied. Otherwise, it is granted. The
67 client list within a service is prepended to any list specified in
68 the global context.
69 If no client options are given or if all options are specified with
71 except, then all clients are permitted by default. If any client
72 options without except are specified, then no clients are permitted
73 by default.
74 The client-list is a comma-separated list of client identifiers.
76 The match is made if any client on the list matches; thus, these
77 are logically "ORed" together. Each client identifier can be either
78 a symbolic name (resolved through /etc/ethers or NIS, as defined by
79 /etc/nsswitch.conf) or a hexadecimal Ethernet address in the format
80 x:x:x:x:x:x. In the latter case, any byte of the address can be
81 "*", which matches any value in that position. For example,
82 40:0:1a:*:*:* matches Ethernet adapters from the manufacturer
83 assigned block 40:0:1a.
84 debug
87 Increase debug logging detail level by one. The detail levels are 0
89 (no logging), 1 (errors only; the default), 2 (warnings), 3 (infor‐
90 mational messages), and 4 (debug messages). Log messages are writ‐
91 ten by default to syslog(3C) using facility daemon (see the log
92 option below). When specified on the command line or in the global
93 context of the /etc/ppp/pppoe file, this option also sets the dae‐
94 mon's default (non-service-related) detail level.
95 device device-list
98 Specify the devices on which the service is available. The device-
100 list is a comma-separated list of logical device names (without the
101 leading /dev/), such as hme0. This option is ignored if encountered
102 in the per-device /etc/ppp/pppoe.device files.
103 extra string
106 Specifies extra options to pppd(1M). It defaults to "plugin
108 pppoe.so directtty" and usually does not need to be overridden.
109 file path
112 Suspends parsing of the current file, returns to global mode, and
114 reads options from path. This file must be present and readable; if
115 it is not, an error is logged. When the end of that file is
116 reached, processing returns to the current file and the mode is
117 reset to global again.
118 The global mode options specified in files read by this command use
120 the options set in the current file's global mode; this condition
121 extends to any file included by those files. All files read are
122 parsed as though the command line had specified this option, and
123 thus inherit the command line's global modes.
124 This option can be used to revert to global mode at any point in an
126 option file by specifying file /dev/null.
127 group name
130 Specifies the group ID (symbolic or numeric) under which pppd is
132 executed. If pppoed is not run as root, this option is ignored.
133 log path
136 Specifies an alternate debug logging file. Debug messages are sent
138 to this file instead of syslog. The special name syslog is recog‐
139 nized to switch logging back to syslog. When specified on the com‐
140 mand line or in the global context of the /etc/ppp/pppoe file, this
141 option also sets the daemon's default (non-service-related) log
142 file.
143 nodebug
146 Set debug logging detail level to 0 (no logging). When specified on
148 the command line or in the global context of the /etc/ppp/pppoe
149 file, this option also sets the daemon's default (non-service-
150 related) detail level.
151 nowildcard
154 Specifies that the current service should not be included in
156 response to clients requesting "any" service. The client must ask
157 for this service by name. When specified on the command line or in
158 the global context of the /etc/ppp/pppoe file, this option causes
159 pppoed to ignore all wildcard service requests.
160 path path
163 Specifies the path to the pppd executable. Defaults to
165 /usr/bin/pppd.
166 pppd string
169 Passes command-line arguments to pppd. It can be used to set the IP
171 addresses or configure security for the session. The default value
172 is the empty string.
173 server string
176 Specifies the PPPoE Access Concentrator name to be sent to the
178 client. It defaults to "Solaris PPPoE".
179 service name
182 Closes any service being defined and begins definition of a new
184 service. The same service name can be used without conflict on mul‐
185 tiple devices. If the same service name is used on a single device,
186 then the last definition encountered during parsing overrides all
187 previous definitions.
188 user name
191 Specifies the user ID, symbolic or numeric, under which pppd is
193 executed. If pppoed is not run as root, this option is ignored.
194 wildcard
197 Specifies that the service should be included in responses to
199 client queries that request "any" service, which is done by
200 requesting a service name of length zero. When specified on the
201 command line or in the global context of the /etc/ppp/pppoe file,
202 this option causes pppoed to ignore all wildcard service requests.
203 This is the default.
204
207 Example 1 Configuring for Particular Services
208 In the /etc/ppp/pppoe file:
211 service internet
214 device $DEV
215 pppd "proxyarp 192.168.1.1:"
216 service debugging
217 device hme0,$DEV
218 pppd "debug proxyarp 192.168.1.1:"
219 You then invoke the daemon with:
223 example% /usr/lib/inet/pppoed DEV=eri0
226 The lines in /etc/ppp/pppoe and the preceding command result in offer‐
231 ing services "internet" and "debugging" (and responding to wildcard
232 queries) on interface eri0, and offering only service "debugging" on
233 interface hme0.
234
237 The pppoed daemon responds to the following signals:
238 SIGHUP Causes pppoed to reparse the original command line and all
240 configuration files, and close and reopen any log files.
241 SIGINT Causes a snapshot of the state of the pppoed daemon to be
244 written to /tmp/pppoed.pid (where pid is the decimal process
245 ID of the daemon).
246
249 /usr/lib/inet/pppoed executable command
250 /dev/sppptun Solaris PPP tunneling device driver
253 /etc/ppp/pppoe main configuration option file
256 /etc/ppp/pppoe.device per-device configuration option file
259 /etc/ppp/pppoe-errors location of output from pppd's stderr
262 /etc/ppp/pppoe.if list of Ethernet interfaces to be plumbed at
265 boot time
266 /tmp/pppoed.pid ASCII text file containing dumped pppoed state
269 information
270
273 See attributes(5) for descriptions of the following attributes:
274 ┌─────────────────────────────┬─────────────────────────────┐
279 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
280 ├─────────────────────────────┼─────────────────────────────┤
281 │Availability │SUNWpppdt │
282 └─────────────────────────────┴─────────────────────────────┘
283
285 pppd(1M), pppoec(1M), sppptun(1M), sppptun(7M)
286 Mamakos, L., et al. RFC 2516, A Method for Transmitting PPP Over Ether‐
289 net (PPPoE). Network Working Group. February 1999
290
292 Because pppd is installed setuid root, this daemon need not be run as
293 root. However, if it is not run as root, the user and group options are
294 ignored.
295 The Ethernet interfaces to be used must be plumbed for PPPoE using the
298 sppptun(1M) utility before services can be offered.
299 The daemon operate runs even if there are no services to offer. If you
302 want to modify a configuration, it is not necessary to terminate the
303 daemon. Simply use pkill -HUP pppoed after updating the configuration
304 files.
305 The PPPoE protocol is far from perfect. Because it runs directly over
308 Ethernet, there is no possibility of security and the MTU is limited to
309 1492 (violating RFC 1661's default value of 1500). It is also not pos‐
310 sible to run the client and the server of a given session on a single
311 machine with a single Ethernet interface for testing purposes. The
312 client and server portions of a single session must be run on separate
313 Ethernet interfaces with different MAC addresses.
314SunOS 5.11 6 Jan 2003 pppoed(1M)