1.\" Copyright (c) 2001-2002 Packet Design, LLC. 2.\" All rights reserved. 3.\" 4.\" Subject to the following obligations and disclaimer of warranty, 5.\" use and redistribution of this software, in source or object code 6.\" forms, with or without modifications are expressly permitted by 7.\" Packet Design; provided, however, that: 8.\" 9.\" (i) Any and all reproductions of the source or object code 10.\" must include the copyright notice above and the following 11.\" disclaimer of warranties; and 12.\" (ii) No rights are granted, in any manner or form, to use 13.\" Packet Design trademarks, including the mark "PACKET DESIGN" 14.\" on advertising, endorsements, or otherwise except as such 15.\" appears in the above copyright notice or in the software. 16.\" 17.\" THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND 18.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO 19.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING 20.\" THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED 21.\" WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 22.\" OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE, 23.\" OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS 24.\" OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, 25.\" RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE 26.\" LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE 27.\" OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT, 28.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL 29.\" DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF 30.\" USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF 31.\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 33.\" THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF 34.\" THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" Author: Archie Cobbs <archie@FreeBSD.org> 37.\" 38.Dd November 13, 2012 39.Dt NG_L2TP 4 40.Os 41.Sh NAME 42.Nm ng_l2tp 43.Nd L2TP protocol netgraph node type 44.Sh SYNOPSIS 45.In sys/types.h 46.In netgraph/ng_l2tp.h 47.Sh DESCRIPTION 48The 49.Nm l2tp 50node type implements the encapsulation layer of the L2TP protocol 51as described in RFC 2661. 52This includes adding the L2TP packet header for outgoing packets 53and verifying and removing it for incoming packets. 54The node maintains the L2TP sequence number state and handles 55control session packet acknowledgment and retransmission. 56.Sh HOOKS 57The 58.Nm l2tp 59node type supports the following hooks: 60.Bl -tag -width ".Va session_hhhh" 61.It Va lower 62L2TP frames. 63.It Va ctrl 64Control packets. 65.It Va session_hhhh 66Session 0xhhhh data packets. 67.El 68.Pp 69L2TP control and data packets are transmitted to, and received from, 70the L2TP peer via the 71.Dv lower 72hook. 73Typically this hook would be connected to the 74.Dv "inet/dgram/udp" 75hook of an 76.Xr ng_ksocket 4 77node for L2TP over UDP. 78.Pp 79The 80.Dv ctrl 81hook connects to the local L2TP management entity. 82L2TP control messages (without any L2TP headers) are transmitted 83and received on this hook. 84Messages written to this hook are guaranteed to be delivered to the 85peer reliably, in order, and without duplicates. 86.Pp 87Packets written to the 88.Dv ctrl 89hook must contain a two byte session ID prepended to the frame 90(in network order). 91This session ID is copied to the outgoing L2TP header. 92Similarly, packets read from the 93.Dv ctrl 94hook will have the received session ID prepended. 95.Pp 96Once an L2TP session has been created, the corresponding session 97hook may be used to transmit and receive the session's data frames: 98for the session with session ID 99.Dv 0xabcd , 100the hook is named 101.Dv session_abcd . 102.Sh CONTROL MESSAGES 103This node type supports the generic control messages, plus the following: 104.Bl -tag -width foo 105.It Dv NGM_L2TP_SET_CONFIG Pq Ic setconfig 106This command updates the configuration of the node. 107It takes a 108.Vt "struct ng_l2tp_config" 109as an argument: 110.Bd -literal 111/* Configuration for a node */ 112struct ng_l2tp_config { 113 u_char enabled; /* enables traffic flow */ 114 u_char match_id; /* tunnel id must match 'tunnel_id' */ 115 uint16_t tunnel_id; /* local tunnel id */ 116 uint16_t peer_id; /* peer's tunnel id */ 117 uint16_t peer_win; /* peer's max recv window size */ 118 uint16_t rexmit_max; /* max retransmits before failure */ 119 uint16_t rexmit_max_to; /* max delay between retransmits */ 120}; 121.Ed 122.Pp 123The 124.Va enabled 125field enables packet processing. 126Each time this field is changed back to zero the sequence 127number state is reset. 128In this way, reuse of a node is possible. 129.Pp 130The 131.Va tunnel_id 132field configures the local tunnel ID for the control connection. 133The 134.Va match_id 135field determines how incoming L2TP packets with a tunnel ID 136field different from 137.Va tunnel_id 138are handled. 139If 140.Va match_id 141is non-zero, they will be dropped; otherwise, they will be dropped 142only if the tunnel ID is non-zero. 143Typically 144.Va tunnel_id 145is set to the local tunnel ID as soon as it is known and 146.Va match_id 147is set to non-zero after receipt of the SCCRP or SCCCN control message. 148.Pp 149The peer's tunnel ID should be set in 150.Va peer_id 151as soon as it is learned, typically after receipt of a SCCRQ or SCCRP 152control message. 153This value is copied into the L2TP header for outgoing packets. 154.Pp 155The 156.Va peer_win 157field should be set from the 158.Dq "Receive Window Size" 159AVP received from the peer. 160The default value for this field is one; zero is an invalid value. 161As long as 162.Va enabled 163is non-zero, this value may not be decreased. 164.Pp 165The 166.Va rexmit_max 167and 168.Va rexmit_max_to 169fields configure packet retransmission. 170.Va rexmit_max_to 171is the maximum retransmission delay between packets, in seconds. 172The retransmit delay will start at a small value and increase 173exponentially up to this limit. 174The 175.Va rexmit_max 176sets the maximum number of times a packet will be retransmitted 177without being acknowledged before a failure condition is declared. 178Once a failure condition is declared, each additional retransmission 179will cause the 180.Nm l2tp 181node to send a 182.Dv NGM_L2TP_ACK_FAILURE Pq Ic ackfailure 183control message back to the node that sent the last 184.Dv NGM_L2TP_SET_CONFIG . 185Appropriate action should then be taken to shutdown the control connection. 186.It Dv NGM_L2TP_GET_CONFIG Pq Ic getconfig 187Returns the current configuration as a 188.Vt "struct ng_l2tp_config" . 189.It Dv NGM_L2TP_SET_SESS_CONFIG Pq Ic setsessconfig 190This control message configures a single data session. 191The corresponding hook must already be connected before sending this command. 192The argument is a 193.Vt "struct ng_l2tp_sess_config" : 194.Bd -literal 195/* Configuration for a session hook */ 196struct ng_l2tp_sess_config { 197 uint16_t session_id; /* local session id */ 198 uint16_t peer_id; /* peer's session id */ 199 u_char control_dseq; /* whether we control data sequencing */ 200 u_char enable_dseq; /* whether to enable data sequencing */ 201 u_char include_length; /* whether to include length field */ 202}; 203.Ed 204.Pp 205The 206.Va session_id 207and 208.Va peer_id 209fields configure the local and remote session IDs, respectively. 210.Pp 211The 212.Va control_dseq 213and 214.Va enable_dseq 215fields determine whether sequence numbers are used with L2TP data packets. 216If 217.Va enable_dseq 218is zero, then no sequence numbers are sent and incoming sequence numbers 219are ignored. 220Otherwise, sequence numbers are included on outgoing packets and checked 221on incoming packets. 222.Pp 223If 224.Va control_dseq 225is non-zero, then the setting of 226.Va enable_dseq 227will never change except by another 228.Dv NGM_L2TP_SET_SESS_CONFIG 229control message. 230If 231.Va control_dseq 232is zero, then the peer controls whether sequence numbers are used: 233if an incoming L2TP data packet contains sequence numbers, 234.Va enable_dseq 235is set to one, and conversely if an incoming L2TP data packet does not 236contain sequence numbers, 237.Va enable_dseq 238is set to zero. 239The current value of 240.Va enable_dseq 241is always accessible via the 242.Dv NGM_L2TP_GET_SESS_CONFIG 243control message (see below). 244Typically an LNS would set 245.Va control_dseq 246to one while a LAC would set 247.Va control_dseq 248to zero (if the Sequencing Required AVP were not sent), thus giving 249control of data packet sequencing to the LNS. 250.Pp 251The 252.Va include_length 253field determines whether the L2TP header length field is included 254in outgoing L2TP data packets. 255For incoming packets, the L2TP length field is always checked when present. 256.It Dv NGM_L2TP_GET_SESS_CONFIG Pq Ic getsessconfig 257This command takes a two byte session ID as an argument and returns 258the current configuration for the corresponding data session as a 259.Vt "struct ng_l2tp_sess_config" . 260The corresponding session hook must be connected. 261.It Dv NGM_L2TP_GET_STATS Pq Ic getstats 262This command returns a 263.Vt "struct ng_l2tp_stats" 264containing statistics of the L2TP tunnel. 265.It Dv NGM_L2TP_CLR_STATS Pq Ic clrstats 266This command clears the statistics for the L2TP tunnel. 267.It Dv NGM_L2TP_GETCLR_STATS Pq Ic getclrstats 268Same as 269.Dv NGM_L2TP_GET_STATS , 270but also atomically clears the statistics as well. 271.It Dv NGM_L2TP_GET_SESSION_STATS Pq Ic getsessstats 272This command takes a two byte session ID as an argument and returns a 273.Vt "struct ng_l2tp_session_stats" 274containing statistics for the corresponding data session. 275The corresponding session hook must be connected. 276.It Dv NGM_L2TP_CLR_SESSION_STATS Pq Ic clrsessstats 277This command takes a two byte session ID as an argument and 278clears the statistics for that data session. 279The corresponding session hook must be connected. 280.It Dv NGM_L2TP_GETCLR_SESSION_STATS Pq Ic getclrsessstats 281Same as 282.Dv NGM_L2TP_GET_SESSION_STATS , 283but also atomically clears the statistics as well. 284.It Dv NGM_L2TP_SET_SEQ Pq Ic setsequence 285This command sets the sequence numbers of a not yet enabled node. 286It takes a 287.Vt "struct ng_l2tp_seq_config" 288as argument, where 289.Va xack 290and 291.Va nr 292respectively 293.Va ns 294and 295.Va rack 296must be the same. 297This option is particularly useful if one receives and processes 298the first packet entirely in userspace and wants to hand over further 299processing to the node. 300.El 301.Sh SHUTDOWN 302This node shuts down upon receipt of a 303.Dv NGM_SHUTDOWN 304control message, or when all hooks have been disconnected. 305.Sh SEE ALSO 306.Xr netgraph 4 , 307.Xr ng_ksocket 4 , 308.Xr ng_ppp 4 , 309.Xr ng_pptpgre 4 , 310.Xr ngctl 8 311.Rs 312.%A W. Townsley 313.%A A. Valencia 314.%A A. Rubens 315.%A G. Pall 316.%A G. Zorn 317.%A B. Palter 318.%T "Layer Two Tunneling Protocol L2TP" 319.%O RFC 2661 320.Re 321.Sh HISTORY 322The 323.Nm l2tp 324node type was developed at Packet Design, LLC, 325.Pa http://www.packetdesign.com/ . 326.Sh AUTHORS 327.An Archie Cobbs Aq Mt archie@packetdesign.com 328