ipp-usb.8

.\" generated with Ronn-NG/v0.10.1
.\" http://github.com/apjanke/ronn-ng/tree/0.10.1
.TH "IPP\-USB" "8" "June 2024" "" "ipp-usb.8"
.SH "NAME"
\fBipp\-usb\fR \- Daemon for IPP over USB printer support
.SH "DESCRIPTION"
\fBipp\-usb\fR daemon enables driver\-less printing and scanning on USB\-only AirPrint\-compatible printers and MFPs\.
.P
It works by connecting to the device by USB using IPP\-over\-USB protocol, and exposing the device to the network, including DNS\-SD (ZeroConf) advertising\.
.P
IPP printing, eSCL scanning and web console are fully supported\.
.SH "SYNOPSIS"
.SS "Usage:"
\fBipp\-usb mode [options]\fR
.SS "Modes are:"
.TP
\fBstandalone\fR
run forever, automatically discover IPP\-over\-USB devices and serve them all
.TP
\fBudev\fR
like standalone, but exit when last IPP\-over\-USB device is disconnected
.TP
\fBdebug\fR
logs duplicated on console, \-bg option is ignored
.TP
\fBcheck\fR
check configuration and exit\. It also prints a list of all connected devices
.TP
\fBstatus\fR
print status of the running \fBipp\-usb\fR daemon, including information of all connected devices
.SS "Options are"
.TP
\fB\-bg\fR
run in background (ignored in debug mode)
.SH "NETWORKING"
Essentially, \fBipp\-usb\fR makes printer or scanner accessible from the network, converting network\-side HTTP operations to the USB operations\.
.P
By default, \fBipp\-usb\fR exposes device only to the loopback interface, using the \fBlocalhost\fR address (both \fB127\.0\.0\.1\fR and \fB::1\fR, for IPv4 and IPv6, respectively)\. TCP ports are allocated automatically, and allocation is persisted in the association with the particular device, so the next time the device is plugged on, it will get the same port\. The default port range for TCP ports allocation is \fB60000\-65535\fR\.
.P
This default behavior can be changed, using configuration file\. See \fBCONFIGURATION\fR section below for details\.
.P
If you decide to publish your device to the real network, the following things should be taken into consideration:
.IP "1." 4
Your \fBprivate\fR device will become \fBpublic\fR and it will become accessible by other computers from the network
.IP "2." 4
Firewall rules needs to be updated appropriately\. The \fBipp\-usb\fR daemon will not do it automatically by itself
.IP "3." 4
IPP over USB specification explicitly require that the \fBHost\fR field in the HTTP request is set to \fBlocalhost\fR or \fBlocalhost:port\fR\. If device is accessed from the real network, \fBHost\fR header will reflect the real network address\. Most of devices allow it, but some are more restrictive and will not work in this configuration\.
.IP "" 0
.SH "DNS\-SD (AVAHI INTEGRATION)"
IPP over USB is intended to be used with the automatic device discovery, and for this purpose \fBipp\-usb\fR advertises all devices it handles, using DNS\-SD protocol\. On Linux, DNS\-SD is handled with a help of Avahi daemon\.
.P
DNS\-SD advertising can be disabled via configuration file\. Also, if Avahi is not installed or not running, \fBipp\-usb\fR will still work correctly, although DNS\-SD advertising will not work\.
.P
For every device the following services will be advertised:
.TS
allbox;
l l l.
Instance	Type	Subtypes
Device name	_ipp\._tcp	_universal\._sub\._ipp\._tcp
Device name	_printer\._tcp	\~
Device name	_uscan\._tcp	\~
Device name	_http\._tcp	\~
BBPP	_ipp\-usb\._tcp	\~
.TE
.P
Notes:
.IP "\(bu" 4
\fBDevice name\fR is the name under which device appears in the list of available devices, for example, in the printing dialog (it is DNS\-SD device name, in another words), and for most of devices will match the device's model name\. It is appended with the \fB" (USB)"\fR suffix, so if device is connected via network and via USB simultaneously, these two connections can be easily distinguished\. If there are two devices with the same name connected simultaneously, the suffix becomes \fB" (USB NNN)"\fR, with NNN number unique for each device, for disambiguation\. In another words, the single \fB"Kyocera ECOSYS M2040dn"\fR device will be listed as \fB"Kyocera ECOSYS M2040dn (USB)"\fR, and two such a devices will be listed as \fB"Kyocera ECOSYS M2040dn (USB 1)"\fR and \fB"Kyocera ECOSYS M2040dn (USB 2)"\fR
.IP "\(bu" 4
\fB_ipp\._tcp\fR and \fB_printer\._tcp\fR are only advertises for printer devices and MFPs
.IP "\(bu" 4
\fB_uscan\._tcp\fR is only advertised for scanner devices and MFPs
.IP "\(bu" 4
for the \fB_ipp\._tcp\fR service, the \fB_universal\._sub\._ipp\._tcp\fR subtype is also advertised for iOS compatibility
.IP "\(bu" 4
\fB_printer\._tcp\fR is advertised with TCP port set to 0\. Other services are advertised with the actual port number
.IP "\(bu" 4
\fB_http\._tcp\fR is device web\-console\. It is always advertises in assumption it is always exist
.IP "\(bu" 4
\fBBBPP\fR, used for the \fB_ipp\-usb\._tcp\fR service, is the USB bus (BB) and port (PP) numbers in hex\. The purpose of this advertising is to help CUPS and other possible "clients" to guess which devices are handled by the \fBipp\-usb\fR service, to avoid possible conflicts with the legacy USB drivers\.
.IP "" 0
.SH "CONFIGURATION"
\fBipp\-usb\fR searched for its configuration file in two places:
.IP "1." 4
\fB/etc/ipp\-usb/ipp\-usb\.conf\fR
.IP "2." 4
\fBipp\-usb\.conf\fR in the directory where executable file is located
.IP "" 0
.P
Configuration file syntax is very similar to \.INI files syntax\. It consist of named sections, and each section contains a set of named variables\. Comments are started from # or ; characters and continues until end of line:
.IP "" 4
.nf
# This is a comment
[section 1]
variable 1 = value 1  ; and another comment
variable 2 = value 2
.fi
.IP "" 0
.SS "Network parameters"
Network parameters are all in the \fB[network]\fR section:
.IP "" 4
.nf
[network]
  # TCP ports for HTTP will be automatically allocated in the
  # following range
  http\-min\-port = 60000
  http\-max\-port = 65535

  # Enable or disable DNS\-SD advertisement
  dns\-sd = enable      # enable | disable

  # Network interface to use\. Set to `all` if you want to expose you
  # printer to the local network\. This way you can share your printer
  # with other computers in the network, as well as with iOS and
  # Android devices\.
  interface = loopback # all | loopback

  # Enable or disable IPv6
  ipv6 = enable        # enable | disable
.fi
.IP "" 0
.SS "Authentication"
By default, \fBipp\-usb\fR exposes locally connected USB printer to all users of the system\.
.P
Though this is reasonable behavior in most cases, when computer and printer are both in personal use, for bigger installation this approach can be too simple and primitive\.
.P
\fBipp\-usb\fR provides a mechanism, which allows to control local clients access based on UID the client program runs under\.
.P
Please note, this mechanism will not work for remote connections (disabled by default but supported)\. Authentication of remote users requires some different mechanism, which is under consideration but is not yet implemented\.
.P
Note also, this mechanism may or may not work in containerized installation (i\.e\., snap, flatpak and similar)\. The container namespace may be isolated from the system and/or user's namespaces, so even for local clients the UID as seen by the \fBipp\-usb\fR may be different from the system\-wide UID\.
.P
Authentication parameters are all in the [auth uid] section:
.IP "" 4
.nf
# Local user authentication by UID/GID
[auth uid]
  # Syntax:
  #     operations = users
  #
  # Operations are comma\-separated list of following operations:
  #     all    \- all operations
  #     config \- configuration web\-console
  #     fax    \- faxing
  #     print  \- printing
  #     scan   \- scanning
  #
  # Users have the following suntax:
  #     user   \- user name
  #     @group \- all users that belongs to the group
  #
  # Users and groups may be specified either by names or by
  # numbers\. "*" means any
  #
  # Note, if user/group is not known in the context of request
  # (for example, in the case of non\-local network connection),
  # "*" used for matching, which will only match wildcard
  # rules\.
  #
  # User/group names are resolved at the moment of request
  # processing (and cached for a couple of seconds), so running
  # daemon will see changes to the /etc/passwd and /etc/group
  #
  # Examples:
  #     fax, print = lp, @lp   # Allow CUPS to do its work
  #     scan       = *         # Allow any user to scan
  #     config     = @wheel    # Only wheel group members can do that
  all = *
.fi
.IP "" 0
.SS "Logging configuration"
Logging parameters are all in the \fB[logging]\fR section:
.IP "" 4
.nf
[logging]
  # device\-log  \- what logs are generated per device
  # main\-log    \- what common logs are generated
  # console\-log \- what of generated logs goes to console
  #
  # parameter contains a comma\-separated list of
  # the following keywords:
  #   error     \- error messages
  #   info      \- informative messages
  #   debug     \- debug messages
  #   trace\-ipp, trace\-escl, trace\-http \- very detailed
  #               per\-protocol traces
  #   trace\-usb \- hex dump of all USB traffic
  #   all       \- all logs
  #   trace\-all \- alias to all
  #
  # Note, trace\-* implies debug, debug implies info, info implies
  # error
  device\-log    = all
  main\-log      = debug
  console\-log   = debug

  # Log rotation parameters:
  #   log\-file\-size    \- max log file before rotation\. Use suffix
  #                      M for megabytes or K for kilobytes
  #   log\-backup\-files \- how many backup files to preserve during
  #                      rotation
  #
  max\-file\-size    = 256K
  max\-backup\-files = 5

  # Enable or disable ANSI colors on console
  console\-color = enable # enable | disable

  # ipp\-usb queries IPP printer attributes at the initialization time
  # for its own purposes and writes received attributes to the log\.
  # By default, only necessary attributes are requested from device\.
  #
  # If this parameter is set to true, all printer attributes will
  # be requested\. Normally, it only affects the logging\. However,
  # some enterprise\-level HP printers returns such huge amount of
  # data and do it so slowly, so it can cause initialization timeout\.
  # This is why this feature is not enabled by default
  get\-all\-printer\-attrs = false # false | true
.fi
.IP "" 0
.SS "Quirks"
Some devices, due to their firmware bugs, require special handling, called device\-specific \fBquirks\fR\. \fBipp\-usb\fR loads quirks from the \fB/usr/share/ipp\-usb/quirks/*\.conf\fR files and from the \fB/etc/ipp\-usb/quirks/*\.conf\fR files\. The \fB/etc/ipp\-usb/quirks\fR directory is for system quirks overrides or admin changes\. These files have \.INI\-file syntax with the content that looks like this:
.IP "" 4
.nf
[HP LaserJet MFP M28\-M31]
  http\-connection = keep\-alive

[HP OfficeJet Pro 8730]
  http\-connection = close

[HP Inc\. HP Laser MFP 135a]
  blacklist = true

# Default configuration
[*]
  http\-connection = ""
.fi
.IP "" 0
.P
For each discovered device, its model name is matched against sections of the quirks files\. Section names may contain glob\-style wildcards: \fB*\fR that matches any sequence of characters and \fB?\fR , that matches any single character\. To match one of these characters (\fB*\fR and \fB?\fR) literally, use backslash as escape\.
.P
Note, the simplest way to guess the exact model name for the particular device is to use \fBipp\-usb check\fR command, which prints a list of all connected devices\.
.P
All matching sections from all quirks files are taken in consideration, and applied in priority order\. Priority is computed using the following algorithm:
.IP "\(bu" 4
When matching model name against section name, amount of non\-wildcard matched characters is counted, and the longer match wins
.IP "\(bu" 4
Otherwise, section loaded first wins\. Files are loaded in alphabetical order, sections read sequentially
.IP "" 0
.P
If some parameter exist in multiple sections, used its value from the most priority section
.P
The following parameters are defined:
.IP "\(bu" 4
\fBblacklist = true | false\fR
.br
If \fBtrue\fR, the matching device is ignored by the \fBipp\-usb\fR
.IP "\(bu" 4
\fBbuggy\-ipp\-responses = reject | allow | sanitize\fR
.br
Some devices send buggy (malformed) IPP responses that violate IPP specification\. \fBipp\-usb\fR may \fBreject\fR these responses (so \fBipp\-usb\fR initialization will fail), \fBallow\fR them (\fBipp\-usb\fR initialization will succeed, but CUPS needs to accept them as well) or \fBsanitize\fR them (fix IPP specs violations)\.
.IP "\(bu" 4
\fBdisable\-fax = true | false\fR
.br
If \fBtrue\fR, the matching device's fax capability is ignored
.IP "\(bu" 4
\fBhttp\-XXX = YYY\fR
.br
Set XXX header of the HTTP requests forwarded to device to YYY\. If YYY is empty string, XXX header is removed
.IP "\(bu" 4
\fBignore\-ipp\-status = true | false\fR
.br
If \fBtrue\fR, IPP status of IPP requests sent by the \fBipp\-usb\fR by itself will be ignored\. This quirk is useful, when device correctly handles IPP request but returned status is not reliable\. Affects only \fBipp\-usb\fR initialization\.
.IP "\(bu" 4
\fBinit\-delay = NNN\fR
.br
Delay, in milliseconds, between device is opened and, optionally, reset, and the first request is sent to device
.IP "\(bu" 4
\fBinit\-reset = none | soft | hard\fR
.br
How to reset device during initialization\. Default is \fBnone\fR
.IP "\(bu" 4
\fBrequest\-delay\fR = NNN
.br
Delay, in milliseconds, between subsequent requests
.IP "\(bu" 4
\fBusb\-max\-interfaces = N\fR
.br
Don't use more that N USB interfaces, even if more is available
.IP "" 0
.P
If you found out about your device that it needs a quirk to work properly or it does not work with \fBipp\-usb\fR at all, although it provides IPP\-over\-USB interface, please report the issue at https://github\.com/OpenPrinting/ipp\-usb\. It will let us to update our collection of quirks, so helping other owners of such a device\.
.SH "FILES"
.IP "\(bu" 4
\fB/etc/ipp\-usb/ipp\-usb\.conf\fR: the daemon configuration file
.IP "\(bu" 4
\fB/var/log/ipp\-usb/main\.log\fR: the main log file
.IP "\(bu" 4
\fB/var/log/ipp\-usb/<DEVICE>\.log\fR: per\-device log files
.IP "\(bu" 4
\fB/var/ipp\-usb/dev/<DEVICE>\.state\fR: device state (HTTP port allocation, DNS\-SD name)
.IP "\(bu" 4
\fB/var/ipp\-usb/lock/ipp\-usb\.lock\fR: lock file, that helps to prevent multiple copies of daemon to run simultaneously
.IP "\(bu" 4
\fB/var/ipp\-usb/ctrl\fR: \fBipp\-usb\fR control socket\. Currently only used to obtain the per\-device status (printed by \fBipp\-usb status\fR), but its functionality may be extended in a future
.IP "\(bu" 4
\fB/usr/share/ipp\-usb/quirks/*\.conf\fR: device\-specific quirks (see above)
.IP "\(bu" 4
\fB/etc/ipp\-usb/quirks/*\.conf\fR: device\-specific quirks defined by sysadmin (see above)
.IP "" 0
.SH "COPYRIGHT"
Copyright (c) by Alexander Pevzner (pzz@apevzner\.com, pzz@pzz\.msk\.ru)
.br
All rights reserved\.
.P
This program is licensed under 2\-Clause BSD license\. See LICENSE file for details\.
.SH "SEE ALSO"
\fBcups(1)\fR