/share/man/man4/ng_l2tp.4

https://bitbucket.org/freebsd/freebsd-head/ · Forth · 330 lines · 330 code · 0 blank · 0 comment · 18 complexity · 57e96a2ab359580eb1e1bdd9fb30dc92 MD5 · raw file 

    

  1. .\" Copyright (c) 2001-2002 Packet Design, LLC.
    2. 

  2. .\" All rights reserved.
    3. 

  3. .\"
    4. 

  4. .\" Subject to the following obligations and disclaimer of warranty,
    5. 

  5. .\" use and redistribution of this software, in source or object code
    6. 

  6. .\" forms, with or without modifications are expressly permitted by
    7. 

  7. .\" Packet Design; provided, however, that:
    8. 

  8. .\"
    9. 

  9. .\"    (i)  Any and all reproductions of the source or object code
    10. 

  10. .\"         must include the copyright notice above and the following
    11. 

  11. .\"         disclaimer of warranties; and
    12. 

  12. .\"    (ii) No rights are granted, in any manner or form, to use
    13. 

  13. .\"         Packet Design trademarks, including the mark "PACKET DESIGN"
    14. 

  14. .\"         on advertising, endorsements, or otherwise except as such
    15. 

  15. .\"         appears in the above copyright notice or in the software.
    16. 

  16. .\"
    17. 

  17. .\" THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
    18. 

  18. .\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
    19. 

  19. .\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
    20. 

  20. .\" THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
    21. 

  21. .\" WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
    22. 

  22. .\" OR NON-INFRINGEMENT.  PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
    23. 

  23. .\" OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
    24. 

  24. .\" OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
    25. 

  25. .\" RELIABILITY OR OTHERWISE.  IN NO EVENT SHALL PACKET DESIGN BE
    26. 

  26. .\" LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
    27. 

  27. .\" OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
    28. 

  28. .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
    29. 

  29. .\" DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
    30. 

  30. .\" USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
    31. 

  31. .\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    32. 

  32. .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
    33. 

  33. .\" THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
    34. 

  34. .\" THE POSSIBILITY OF SUCH DAMAGE.
    35. 

  35. .\"
    36. 

  36. .\" Author: Archie Cobbs <archie@FreeBSD.org>
    37. 

  37. .\"
    38. 

  38. .\" $FreeBSD$
    39. 

  39. .\"
    40. 

  40. .Dd August 2, 2004
    41. 

  41. .Dt NG_L2TP 4
    42. 

  42. .Os
    43. 

  43. .Sh NAME
    44. 

  44. .Nm ng_l2tp
    45. 

  45. .Nd L2TP protocol netgraph node type
    46. 

  46. .Sh SYNOPSIS
    47. 

  47. .In sys/types.h
    48. 

  48. .In netgraph/ng_l2tp.h
    49. 

  49. .Sh DESCRIPTION
    50. 

  50. The
    51. 

  51. .Nm l2tp
    52. 

  52. node type implements the encapsulation layer of the L2TP protocol
    53. 

  53. as described in RFC 2661.
    54. 

  54. This includes adding the L2TP packet header for outgoing packets
    55. 

  55. and verifying and removing it for incoming packets.
    56. 

  56. The node maintains the L2TP sequence number state and handles
    57. 

  57. control session packet acknowledgment and retransmission.
    58. 

  58. .Sh HOOKS
    59. 

  59. The
    60. 

  60. .Nm l2tp
    61. 

  61. node type supports the following hooks:
    62. 

  62. .Pp
    63. 

  63. .Bl -tag -compact -offset indent -width ".Dv session_hhhh"
    64. 

  64. .It Dv lower
    65. 

  65. L2TP frames.
    66. 

  66. .It Dv ctrl
    67. 

  67. Control packets.
    68. 

  68. .It Dv session_hhhh
    69. 

  69. Session 0xhhhh data packets.
    70. 

  70. .El
    71. 

  71. .Pp
    72. 

  72. L2TP control and data packets are transmitted to, and received from,
    73. 

  73. the L2TP peer via the
    74. 

  74. .Dv lower
    75. 

  75. hook.
    76. 

  76. Typically this hook would be connected to the
    77. 

  77. .Dv "inet/dgram/udp"
    78. 

  78. hook of an
    79. 

  79. .Xr ng_ksocket 4
    80. 

  80. node for L2TP over UDP.
    81. 

  81. .Pp
    82. 

  82. The
    83. 

  83. .Dv ctrl
    84. 

  84. hook connects to the local L2TP management entity.
    85. 

  85. L2TP control messages (without any L2TP headers) are transmitted
    86. 

  86. and received on this hook.
    87. 

  87. Messages written to this hook are guaranteed to be delivered to the
    88. 

  88. peer reliably, in order, and without duplicates.
    89. 

  89. .Pp
    90. 

  90. Packets written to the
    91. 

  91. .Dv ctrl
    92. 

  92. hook must contain a two byte session ID prepended to the frame
    93. 

  93. (in network order).
    94. 

  94. This session ID is copied to the outgoing L2TP header.
    95. 

  95. Similarly, packets read from the
    96. 

  96. .Dv ctrl
    97. 

  97. hook will have the received session ID prepended.
    98. 

  98. .Pp
    99. 

  99. Once an L2TP session has been created, the corresponding session
    100. 

  100. hook may be used to transmit and receive the session's data frames:
    101. 

  101. for the session with session ID
    102. 

  102. .Dv 0xabcd ,
    103. 

  103. the hook is named
    104. 

  104. .Dv session_abcd .
    105. 

  105. .Sh CONTROL MESSAGES
    106. 

  106. This node type supports the generic control messages, plus the following:
    107. 

  107. .Bl -tag -width indent
    108. 

  108. .It Dv NGM_L2TP_SET_CONFIG
    109. 

  109. This command updates the configuration of the node.
    110. 

  110. It takes a
    111. 

  111. .Vt "struct ng_l2tp_config"
    112. 

  112. as an argument:
    113. 

  113. .Bd -literal
    114. 

  114. /* Configuration for a node */
    115. 

  115. struct ng_l2tp_config {
    116. 

  116.     u_char      enabled;        /* enables traffic flow */
    117. 

  117.     u_char      match_id;       /* tunnel id must match 'tunnel_id' */
    118. 

  118.     uint16_t    tunnel_id;      /* local tunnel id */
    119. 

  119.     uint16_t    peer_id;        /* peer's tunnel id */
    120. 

  120.     uint16_t    peer_win;       /* peer's max recv window size */
    121. 

  121.     uint16_t    rexmit_max;     /* max retransmits before failure */
    122. 

  122.     uint16_t    rexmit_max_to;  /* max delay between retransmits */
    123. 

  123. };
    124. 

  124. .Ed
    125. 

  125. .Pp
    126. 

  126. The
    127. 

  127. .Va enabled
    128. 

  128. field enables packet processing.
    129. 

  129. Each time this field is changed back to zero the sequence
    130. 

  130. number state is reset.
    131. 

  131. In this way, reuse of a node is possible.
    132. 

  132. .Pp
    133. 

  133. The
    134. 

  134. .Va tunnel_id
    135. 

  135. field configures the local tunnel ID for the control connection.
    136. 

  136. The
    137. 

  137. .Va match_id
    138. 

  138. field determines how incoming L2TP packets with a tunnel ID
    139. 

  139. field different from
    140. 

  140. .Va tunnel_id
    141. 

  141. are handled.
    142. 

  142. If
    143. 

  143. .Va match_id
    144. 

  144. is non-zero, they will be dropped; otherwise, they will be dropped
    145. 

  145. only if the tunnel ID is non-zero.
    146. 

  146. Typically
    147. 

  147. .Va tunnel_id
    148. 

  148. is set to the local tunnel ID as soon as it is known and
    149. 

  149. .Va match_id
    150. 

  150. is set to non-zero after receipt of the SCCRP or SCCCN control message.
    151. 

  151. .Pp
    152. 

  152. The peer's tunnel ID should be set in
    153. 

  153. .Va peer_id
    154. 

  154. as soon as it is learned, typically after receipt of a SCCRQ or SCCRP
    155. 

  155. control message.
    156. 

  156. This value is copied into the L2TP header for outgoing packets.
    157. 

  157. .Pp
    158. 

  158. The
    159. 

  159. .Va peer_win
    160. 

  160. field should be set from the
    161. 

  161. .Dq "Receive Window Size"
    162. 

  162. AVP received from the peer.
    163. 

  163. The default value for this field is one; zero is an invalid value.
    164. 

  164. As long as
    165. 

  165. .Va enabled
    166. 

  166. is non-zero, this value may not be decreased.
    167. 

  167. .Pp
    168. 

  168. The
    169. 

  169. .Va rexmit_max
    170. 

  170. and
    171. 

  171. .Va rexmit_max_to
    172. 

  172. fields configure packet retransmission.
    173. 

  173. .Va rexmit_max_to
    174. 

  174. is the maximum retransmission delay between packets, in seconds.
    175. 

  175. The retransmit delay will start at a small value and increase
    176. 

  176. exponentially up to this limit.
    177. 

  177. The
    178. 

  178. .Va rexmit_max
    179. 

  179. sets the maximum number of times a packet will be retransmitted
    180. 

  180. without being acknowledged before a failure condition is declared.
    181. 

  181. Once a failure condition is declared, each additional retransmission
    182. 

  182. will cause the
    183. 

  183. .Nm l2tp
    184. 

  184. node to send a
    185. 

  185. .Dv NGM_L2TP_ACK_FAILURE
    186. 

  186. control message back to the node that sent the last
    187. 

  187. .Dv NGM_L2TP_SET_CONFIG .
    188. 

  188. Appropriate action should then be taken to shutdown the control connection.
    189. 

  189. .It Dv NGM_L2TP_GET_CONFIG
    190. 

  190. Returns the current configuration as a
    191. 

  191. .Vt "struct ng_l2tp_config" .
    192. 

  192. .It Dv NGM_L2TP_SET_SESS_CONFIG
    193. 

  193. This control message configures a single data session.
    194. 

  194. The corresponding hook must already be connected before sending this command.
    195. 

  195. The argument is a
    196. 

  196. .Vt "struct ng_l2tp_sess_config" :
    197. 

  197. .Bd -literal
    198. 

  198. /* Configuration for a session hook */
    199. 

  199. struct ng_l2tp_sess_config {
    200. 

  200.     uint16_t    session_id;     /* local session id */
    201. 

  201.     uint16_t    peer_id;        /* peer's session id */
    202. 

  202.     u_char      control_dseq;   /* we control data sequencing? */
    203. 

  203.     u_char      enable_dseq;    /* enable data sequencing? */
    204. 

  204.     u_char      include_length; /* include length field? */
    205. 

  205. };
    206. 

  206. .Ed
    207. 

  207. .Pp
    208. 

  208. The
    209. 

  209. .Va session_id
    210. 

  210. and
    211. 

  211. .Va peer_id
    212. 

  212. fields configure the local and remote session IDs, respectively.
    213. 

  213. .Pp
    214. 

  214. The
    215. 

  215. .Va control_dseq
    216. 

  216. and
    217. 

  217. .Va enable_dseq
    218. 

  218. fields determine whether sequence numbers are used with L2TP data packets.
    219. 

  219. If
    220. 

  220. .Va enable_dseq
    221. 

  221. is zero, then no sequence numbers are sent and incoming sequence numbers
    222. 

  222. are ignored.
    223. 

  223. Otherwise, sequence numbers are included on outgoing packets and checked
    224. 

  224. on incoming packets.
    225. 

  225. .Pp
    226. 

  226. If
    227. 

  227. .Va control_dseq
    228. 

  228. is non-zero, then the setting of
    229. 

  229. .Va enable_dseq
    230. 

  230. will never change except by another
    231. 

  231. .Dv NGM_L2TP_SET_SESS_CONFIG
    232. 

  232. control message.
    233. 

  233. If
    234. 

  234. .Va control_dseq
    235. 

  235. is zero, then the peer controls whether sequence numbers are used:
    236. 

  236. if an incoming L2TP data packet contains sequence numbers,
    237. 

  237. .Va enable_dseq
    238. 

  238. is set to one, and conversely if an incoming L2TP data packet does not
    239. 

  239. contain sequence numbers,
    240. 

  240. .Va enable_dseq
    241. 

  241. is set to zero.
    242. 

  242. The current value of
    243. 

  243. .Va enable_dseq
    244. 

  244. is always accessible via the
    245. 

  245. .Dv NGM_L2TP_GET_SESS_CONFIG
    246. 

  246. control message (see below).
    247. 

  247. Typically an LNS would set
    248. 

  248. .Va control_dseq
    249. 

  249. to one while a LAC would set
    250. 

  250. .Va control_dseq
    251. 

  251. to zero (if the Sequencing Required AVP were not sent), thus giving
    252. 

  252. control of data packet sequencing to the LNS.
    253. 

  253. .Pp
    254. 

  254. The
    255. 

  255. .Va include_length
    256. 

  256. field determines whether the L2TP header length field is included
    257. 

  257. in outgoing L2TP data packets.
    258. 

  258. For incoming packets, the L2TP length field is always checked when present.
    259. 

  259. .It Dv NGM_L2TP_GET_SESS_CONFIG
    260. 

  260. This command takes a two byte session ID as an argument and returns
    261. 

  261. the current configuration for the corresponding data session as a
    262. 

  262. .Vt "struct ng_l2tp_sess_config" .
    263. 

  263. The corresponding session hook must be connected.
    264. 

  264. .It Dv NGM_L2TP_GET_STATS
    265. 

  265. This command returns a
    266. 

  266. .Vt "struct ng_l2tp_stats"
    267. 

  267. containing statistics of the L2TP tunnel.
    268. 

  268. .It Dv NGM_L2TP_CLR_STATS
    269. 

  269. This command clears the statistics for the L2TP tunnel.
    270. 

  270. .It Dv NGM_L2TP_GETCLR_STATS
    271. 

  271. Same as
    272. 

  272. .Dv NGM_L2TP_GET_STATS ,
    273. 

  273. but also atomically clears the statistics as well.
    274. 

  274. .It Dv NGM_L2TP_GET_SESSION_STATS
    275. 

  275. This command takes a two byte session ID as an argument and returns a
    276. 

  276. .Vt "struct ng_l2tp_session_stats"
    277. 

  277. containing statistics for the corresponding data session.
    278. 

  278. The corresponding session hook must be connected.
    279. 

  279. .It Dv NGM_L2TP_CLR_SESSION_STATS
    280. 

  280. This command takes a two byte session ID as an argument and
    281. 

  281. clears the statistics for that data session.
    282. 

  282. The corresponding session hook must be connected.
    283. 

  283. .It Dv NGM_L2TP_GETCLR_SESSION_STATS
    284. 

  284. Same as
    285. 

  285. .Dv NGM_L2TP_GET_SESSION_STATS ,
    286. 

  286. but also atomically clears the statistics as well.
    287. 

  287. .It Dv NGM_L2TP_SET_SEQ
    288. 

  288. This command sets the sequence numbers of a not yet enabled node.
    289. 

  289. It takes a
    290. 

  290. .Vt "struct ng_l2tp_seq_config"
    291. 

  291. as argument, where
    292. 

  292. .Va xack
    293. 

  293. and
    294. 

  294. .Va nr
    295. 

  295. respectively
    296. 

  296. .Va ns
    297. 

  297. and
    298. 

  298. .Va rack
    299. 

  299. must be the same.
    300. 

  300. This option is particularly useful if one receives and processes
    301. 

  301. the first packet entirely in userspace and wants to hand over further
    302. 

  302. processing to the node.
    303. 

  303. .El
    304. 

  304. .Sh SHUTDOWN
    305. 

  305. This node shuts down upon receipt of a
    306. 

  306. .Dv NGM_SHUTDOWN
    307. 

  307. control message, or when all hooks have been disconnected.
    308. 

  308. .Sh SEE ALSO
    309. 

  309. .Xr netgraph 4 ,
    310. 

  310. .Xr ng_ksocket 4 ,
    311. 

  311. .Xr ng_ppp 4 ,
    312. 

  312. .Xr ng_pptpgre 4 ,
    313. 

  313. .Xr ngctl 8
    314. 

  314. .Rs
    315. 

  315. .%A W. Townsley
    316. 

  316. .%A A. Valencia
    317. 

  317. .%A A. Rubens
    318. 

  318. .%A G. Pall
    319. 

  319. .%A G. Zorn
    320. 

  320. .%A B. Palter
    321. 

  321. .%T "Layer Two Tunneling Protocol L2TP"
    322. 

  322. .%O RFC 2661
    323. 

  323. .Re
    324. 

  324. .Sh HISTORY
    325. 

  325. The
    326. 

  326. .Nm l2tp
    327. 

  327. node type was developed at Packet Design, LLC,
    328. 

  328. .Pa http://www.packetdesign.com/ .
    329. 

  329. .Sh AUTHORS
    330. 

  330. .An Archie Cobbs Aq archie@packetdesign.com
    331.