File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc / mpd28.html
Revision 1.1.1.4 (vendor branch)
Wed Mar 17 00:39:23 2021 UTC (3 years, 7 months ago) by misho
Branches: mpd, MAIN
CVS tags: v5_9p16, v5_9, HEAD
mpd 5.9

    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    2: <HTML>
    3: <HEAD>
    4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    5: <TITLE>Interface layer</TITLE>
    6: </HEAD>
    7: <BODY text="#000000" bgcolor="#ffffff">
    8: 
    9: <A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A>
   10:  <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
   11:  <b>:</b> <EM>Interface layer</EM><BR>
   12: <b>Previous:</b> <A HREF="mpd27.html"><EM>IPv6CP layer</EM></A><BR>
   13: <b>Next:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
   14: 
   15: 
   16: <HR NOSHADE>
   17:   <H2><A NAME="28"></A>4.9. Interface layer<A NAME="interface"></A></H2>
   18: 
   19: <p>This chapter describes commands that configure the interface layer.
   20: All of these commands apply to the currently active bundle.</p>
   21: <p>Note that while most of the time mpd is used for transmitting
   22: IP traffic, it is designed to support other (currently unimplemented)
   23: protocols such as AppleTalk, IPX, etc. This is why the Interface
   24: layer (which is protocol independent) is distinct from the 
   25: <A HREF="mpd26.html#ipcp">IP Control Protocol (IPCP) layer</A> which is specific to IP.</p>
   26: <p>
   27: <dl>
   28: 
   29: <dt><b><code>set iface name [ <em>name</em> ]</code></b><dd><p>This command changes the interface name from the default ngX to the specified one.
   30: If the name argument is not specified, the original ngX name is restored.
   31: Note that inside Netgraph the original ngX name is always used.</p>
   32: 
   33: <dt><b><code>set iface description [ <em>description</em> ]</code></b><dd><p>This command changes the interface description.</p>
   34: <p>The description template may contain the following conversion specifications:
   35: <pre>
   36: %% expands to a single % sign
   37: %a for interface local address
   38: %A for peer local address
   39: %i for system interface index
   40: %I for interface name
   41: %l for name of bundle's first link
   42: %M for peer MAC address of bundle's first link
   43: %o for local outer ("physical") address of bundle's first link
   44: %O for peer outer ("physical") address of bundle's first link
   45: %P for peer outer ("physical") port of bundle's first link
   46: %S for interface status (DoD/UP/DOWN)
   47: %t for type of bundle's first link (pppoe, pptp, l2tp etc.)
   48: %u for self auth name (or dash if self auth name not used)
   49: %U for peer auth name (or dash if peer has not authenticated)
   50: </pre>
   51: </p>
   52: 
   53: <dt><b><code>set iface group [ <em>group</em> ]</code></b><dd><p>This command adds the interface to the specified group.</p>
   54: 
   55: <dt><b><code>set iface addrs [!]<em>local-ip</em> [!]<em>remote-ip</em></code></b><dd><p>This command is usually required when dial-on-demand is enabled.
   56: Normally, mpd configures the interface with the IP addresses that
   57: were negotiated when connecting the link.  Since dial-on-demand
   58: configures the interface before actually connecting, mpd has to be
   59: told initial local and remote IP addresses to give the interface.
   60: These addresses do not have to correspond to the ``real'' ones; in
   61: fact, both addresses can be completely fictional. If and when
   62: different addresses are negotiated later, mpd will automatically
   63: renumber the interface and adjust the routes.</p>
   64: <p>This command may also be used to force the use of the specified addresses
   65: instead of the negotiated ones. This can be useful in some specific cases,
   66: for example, to avoid a routing loop with a misconfigured PPTP server.
   67: In that case the '!' mark specifies which IPs are to be forced.</p>
   68: 
   69: <dt><b><code>set iface route <em>address[/width]</em></code></b><dd><p>This command associates a route with the bundle. Whenever the
   70: interface is configured up, all associated routes are added.
   71: A route of <code><b>default</b></code> indicates the default route.
   72: Otherwise, the route is a network address with optional netmask
   73: width (e.g., <code><b>192.168.1.0/24</b></code>). If the netmask
   74: width is omitted, a single host route is assumed (i.e., a width
   75: of 32).</p>
   76: <p>Routes are automatically removed when the interface is brought down.</p>
   77: 
   78: <dt><b><code>set iface mtu <em>value</em> [ override ]</code></b><dd><p>Without the optional keyword <code><b>override</b></code>, this command
   79: sets an upper bound on the MTU that will be configured
   80: on the interface when the bundle comes up.
   81: This value is not used at all during link negotiation; there are
   82: separate bundle and link commands for configuring that.
   83: Even if a higher bundle MTU is negotiated, this limit will still apply.</p>
   84: <p>This command is useful when you want to manually restrict the MTU
   85: of the interface for other reasons, e.g., if you're also doing IPSec.</p>
   86: <p>The default is 1500.</p>
   87: <p>The optional keyword <code><b>override</b></code> allows you to override
   88: the result of link negotiation and set the interface MTU to the specified value.
   89: Such an override can violate RFC 1661, so use it with caution and at your own risk.
   90: This is useful when you deal with a broken PPP peer that negotiates too low a value
   91: while a higher MTU is known to work.</p>
   92: 
   93: <dt><b><code>set iface idle <em>seconds</em></code></b><dd><p>Sets the idle timeout value for the bundle. If no incoming or
   94: outgoing packets are transmitted for <code><em>seconds</em></code>
   95: seconds, the connection is brought down. An idle timeout of
   96: zero disables this feature.</p>
   97: <p>When the idle timeout occurs, if the dial-on-demand option is
   98: enabled, mpd goes back into dial-on-demand mode. Otherwise, the
   99: interface is brought down and all associated routes removed.</p>
  100: <p>The default is 0.</p>
  101: 
  102: <dt><b><code>set iface session <em>seconds</em></code></b><dd><p>Sets the session timeout value for the bundle. A session timeout of
  103: zero disables this feature.</p>
  104: <p>The default is 0.</p>
  105: 
  106: <dt><b><code>set iface up-script <em>script</em> </code></b><dd>
  107: <dt><b><code>set iface down-script <em>script</em> </code></b><dd>
  108: <p>Mpd can optionally run a user program every time one of the network
  109: protocols (IPCP/IPv6CP) at the interface is brought up or down.
  110: The <code><b>up-script</b></code> is called like this:
  111: <blockquote><code>
  112: <code><em>script</em> <em>interface</em> <em>proto</em> <em>local-ip</em> <em>remote-ip</em> <em>authname</em> [ dns1 <em>server-ip</em> ] [ dns2 <em>server-ip</em> ]
  113: <em>peer-address</em></code>
  114: </code></blockquote>
  115: </p>
  116: <p>If the up-script exit status is not 0, mpd will kill the respective protocol.</p>
  117: <p>The <code><b>down-script</b></code> is called like this:
  118: <blockquote><code>
  119: <code><em>script</em> <em>interface</em> <em>proto</em> <em>local-ip</em> <em>remote-ip</em> <em>authname</em> <em>peer-address</em></code>
  120: </code></blockquote>
  121: </p>
  122: 
  123: <dt><b><code>set iface enable <em>option ...</em><br>
  124: set iface disable <em>option ...</em></code></b><dd><p>Enable and disable the various interface layer options for the bundle.</p>
  125: 
  126: </dl>
  127: </p>
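<p>The up-script calling convention above, handled in Python as an added example; this is not code from mpd. The interface-name allow-list, the tolerance for a <code>/width</code> suffix on addresses and the function names are assumptions. Malformed arguments cause a non-zero exit, which per the text above makes mpd kill the protocol.</p>

```python
"""Added example: argument handling for an mpd up-script (not mpd's own code)."""
import ipaddress
import re
import sys

# Assumption: allow-list for interface names (ngX or one set with "set iface name").
IFNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")


def parse_ip(value):
    """Parse an address, tolerating an optional /width suffix (assumption)."""
    return ipaddress.ip_interface(value).ip


def parse_up_args(argv):
    """Map the up-script argument vector onto named fields.

    Layout from the manual: interface proto local-ip remote-ip authname
    [ dns1 server-ip ] [ dns2 server-ip ] peer-address
    Raises ValueError on anything that does not fit that layout.
    """
    if len(argv) < 6:
        raise ValueError("too few arguments")
    iface, proto, local_ip, remote_ip, authname = argv[:5]
    rest, peer_address = argv[5:-1], argv[-1]
    if not IFNAME_RE.match(iface):
        raise ValueError("unexpected interface name")
    dns = {}
    while rest:
        if len(rest) < 2 or rest[0] not in ("dns1", "dns2") or rest[0] in dns:
            raise ValueError("malformed dns arguments")
        dns[rest[0]] = parse_ip(rest[1])
        rest = rest[2:]
    return {
        "interface": iface, "proto": proto,
        "local_ip": parse_ip(local_ip), "remote_ip": parse_ip(remote_ip),
        # authname and peer-address are treated as untrusted input here:
        # keep them as opaque strings, never interpolate them into a shell command.
        "authname": authname, "peer_address": peer_address, "dns": dns,
    }


if __name__ == "__main__":
    try:
        session = parse_up_args(sys.argv[1:])
    except ValueError as exc:
        print(f"up-script: rejected arguments: {exc}", file=sys.stderr)
        sys.exit(1)  # non-zero status: mpd kills the protocol
    print(f"{session['interface']} up for {session['authname']!r}")
```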
  128: 
  129: <p>The options available at the interface layer are:</p>
  130: <p>
  131: <dl>
  132: 
  133: <dt><b><code>on-demand</code></b><dd><p>This option causes the interface to operate in dial-on-demand mode,
  134: allowing you to have a ``virtual full time'' connection.
  135: An OPEN event causes the interface to be configured, but the actual
  136: connection of the link is delayed until qualifying outgoing traffic
  137: is detected. Moreover, after an idle timeout, the interface is not
  138: brought down; further traffic will bring the link back up again.</p>
  139: <p>The default is disable.</p>
  140: 
  141: <dt><b><code>proxy-arp</code></b><dd><p>When this option is enabled, if after link negotiation the peer's
  142: IP address is determined to lie on a local subnet, then mpd will
  143: arrange for the local machine to install a proxy ARP entry for
  144: the remote machine's IP address.</p>
  145: <p>For example, suppose the local machine lies on a LAN with address
  146: 192.168.1.10, and another machine will be connecting via mpd
  147: and using the LAN address 192.168.1.20. Then these commands would
  148: set up proxy ARP for the remote machine:
  149: <blockquote><code>
  150: <code>set iface enable proxy-arp<br>
  151: set ipcp ranges 192.168.1.10/32 192.168.1.20/32</code>
  152: </code></blockquote>
  153: </p>
  154: <p>The default is disable.</p>
  155: 
  156: <dt><b><code>keep-timeout</code></b><dd><p>When this option is enabled, the ``session timeout''
  157: counter is not cleared. This is useful together with CoA requests.</p>
  158: <p>The default is disable.</p>
  159: 
  160: <dt><b><code>tcpmssfix</code></b><dd><p>This option causes mpd to adjust incoming and outgoing TCP SYN
  161: segments so that the requested maximum segment size is not greater
  162: than the amount allowed by the interface MTU.</p>
  163: <p>This is necessary in many setups to avoid problems caused by routers
  164: that drop ICMP Datagram Too Big messages. The failure runs as follows:
  165: the originating machine sends data, which passes the rogue router and then
  166: hits a machine whose MTU is not big enough for the data.
  167: Because the IP Don't Fragment option is set, this machine sends an
  168: ICMP Datagram Too Big message back to the originator and drops the
  169: packet.  The rogue router drops the ICMP message and the originator
  170: never gets to discover that it must reduce the fragment size or drop
  171: the IP Don't Fragment option from its outgoing data.</p>
  172: <p>The code is based on tcpmssd, which was written by Ruslan Ermilov
  173: <A href="mailto:ru@FreeBSD.org">&lt;ru@FreeBSD.org&gt;</A>
  174: based on work done by Patrick Bihan-Faou
  175: <A href="mailto:patrick@mindstep.com">&lt;patrick@mindstep.com&gt;</A>.</p>
  176: <p>The default is disable.</p>
  177: 
  178: <dt><b><code>tee</code></b><dd><p>If enabled, an ng_tee(4) node will be inserted
  179: into the bundle graph, right after the interface node. The tee node
  180: can be useful for debugging or traffic accounting.</p>
  181: <p>The default is disable.</p>
  182: 
  183: <dt><b><code>nat</code></b><dd><p>Enable NAT for this bundle.
  184: See 
  185: <A HREF="mpd39.html#nat">the NAT chapter</A> for more information.</p>
  186: <p>The default is disable.</p>
  187: 
  188: <dt><b><code>netflow-in</code></b><dd>
  189: <dt><b><code>netflow-out</code></b><dd>
  190: <dt><b><code>netflow-once</code></b><dd><p>If enabled, the bundle will participate in
  191: NetFlow generation. See 
  192: <A HREF="mpd34.html#netflow">the NetFlow chapter</A>
  193: for more information. The netflow-out option is like netflow-in, but 
  194: generates NetFlow data for outgoing packets instead of incoming.
  195: If netflow-once is enabled, a packet will be accounted only once while
  196: in the kernel.</p>
  197: <p>The default is disable.</p>
  198: 
  199: <dt><b><code>ipacct</code></b><dd><p>If enabled, the bundle will participate in IP accounting with the ng_ipacct node.
  200: See 
  201: <A HREF="mpd35.html#ipacct">the IP Accounting chapter</A> for more information.</p>
  202: <p>The default is disable.</p>
  203: 
  204: </dl>
  205: </p>
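<p>The adjustment described under <code>tcpmssfix</code>, shown in Python as an added example; it is not mpd's or tcpmssd's code. The function names, the constructed sample SYN and the 20-byte IPv4 and TCP header sizes are assumptions of the example (pass <code>ip_header_len=40</code> for IPv6).</p>

```python
import struct

TCP_MIN_HDR = 20                      # TCP header without options
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2   # TCP option kinds
# Constructed sample: SYN, data offset 6, MSS option 1460, checksum left at 0.
SAMPLE_SYN = struct.pack("!HHIIBBHHH4s", 40000, 443, 1, 0, 0x60, 0x02,
                         65535, 0, 0, b"\x02\x04\x05\xb4")


def fold16(total):
    """Fold the carries of a one's-complement sum back into 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def clamp_syn_mss(tcp_header, mtu, ip_header_len=20):
    """Return the TCP header with its MSS option lowered to fit `mtu`.

    Only SYN segments are touched; the checksum is patched per RFC 1624."""
    hdr = bytearray(tcp_header)
    if len(hdr) < TCP_MIN_HDR or not hdr[13] & 0x02:   # short, or not a SYN
        return bytes(hdr)
    end = (hdr[12] >> 4) * 4                            # data offset in bytes
    if end < TCP_MIN_HDR or end > len(hdr):
        return bytes(hdr)
    max_mss = mtu - ip_header_len - TCP_MIN_HDR
    i = TCP_MIN_HDR
    while i < end and hdr[i] != OPT_EOL:
        if hdr[i] == OPT_NOP:
            i += 1
            continue
        if i + 1 >= end or hdr[i + 1] < 2 or i + hdr[i + 1] > end:
            break                                       # malformed option
        if hdr[i] == OPT_MSS and hdr[i + 1] == 4:
            if struct.unpack_from("!H", hdr, i + 2)[0] > max_mss:
                before = bytes(hdr)
                struct.pack_into("!H", hdr, i + 2, max_mss)
                csum = struct.unpack_from("!H", hdr, 16)[0]
                # Patch every aligned 16-bit word the option value overlaps.
                for off in sorted({(i + 2) & ~1, (i + 3) & ~1}):
                    old, new = (struct.unpack_from("!H", b, off)[0] for b in (before, hdr))
                    csum = ~fold16((~csum & 0xFFFF) + (~old & 0xFFFF) + new) & 0xFFFF
                struct.pack_into("!H", hdr, 16, csum)
            break
        i += hdr[i + 1]
    return bytes(hdr)
```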
  215: </BODY>
  216: </HTML>
