1.\" Copyright (c) 2001-2002 Packet Design, LLC. 2.\" All rights reserved. 3.\" 4.\" Subject to the following obligations and disclaimer of warranty, 5.\" use and redistribution of this software, in source or object code 6.\" forms, with or without modifications are expressly permitted by 7.\" Packet Design; provided, however, that: 8.\" 9.\" (i) Any and all reproductions of the source or object code 10.\" must include the copyright notice above and the following 11.\" disclaimer of warranties; and 12.\" (ii) No rights are granted, in any manner or form, to use 13.\" Packet Design trademarks, including the mark "PACKET DESIGN" 14.\" on advertising, endorsements, or otherwise except as such 15.\" appears in the above copyright notice or in the software. 16.\" 17.\" THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND 18.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO 19.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING 20.\" THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED 21.\" WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 22.\" OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE, 23.\" OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS 24.\" OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, 25.\" RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE 26.\" LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE 27.\" OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT, 28.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL 29.\" DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF 30.\" USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF 31.\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 33.\" THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF 34.\" THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" Author: Archie Cobbs <archie@FreeBSD.org> 37.\" 38.\" $FreeBSD$ 39.\" 40.Dd April 22, 2002 41.Dt NG_L2TP 4 42.Os 43.Sh NAME 44.Nm ng_l2tp 45.Nd L2TP protocol netgraph node type 46.Sh SYNOPSIS 47.In netgraph/ng_l2tp.h 48.Sh DESCRIPTION 49The 50.Nm l2tp 51node type implements the encapsulation layer of the L2TP protocol 52as described in RFC 2661. 53This includes adding the L2TP packet header for outgoing packets 54and verifying and removing it for incoming packets. 55The node maintains the L2TP sequence number state and handles 56control session packet acknowledgment and retransmission. 57.Sh HOOKS 58The 59.Nm l2tp 60node type supports the following hooks: 61.Pp 62.Bl -tag -compact -offset indent -width ".Dv session_hhhh" 63.It Dv lower 64L2TP frames. 65.It Dv ctrl 66Control packets. 67.It Dv session_hhhh 68Session 0xhhhh data packets. 69.El 70.Pp 71L2TP control and data packets are transmitted to, and received from, 72the L2TP peer via the 73.Dv lower 74hook. 75Typically this hook would be connected to the 76.Dv "inet/dgram/udp" 77hook of an 78.Xr ng_ksocket 4 79node for L2TP over UDP. 80.Pp 81The 82.Dv ctrl 83hook connects to the local L2TP management entity. 84L2TP control messages (without any L2TP headers) are transmitted 85and received on this hook. 86Messages written to this hook are guaranteed to be delivered to the 87peer reliably, in order, and without duplicates. 88.Pp 89Packets written to the 90.Dv ctrl 91hook must contain a two byte session ID prepended to the frame 92(in network order). 93This session ID is copied to the outgoing L2TP header. 94Similarly, packets read from the 95.Dv ctrl 96hook will have the received session ID prepended. 97.Pp 98Once an L2TP session has been created, the corresponding session 99hook may be used to transmit and receive the session's data frames: 100for the session with session ID 101.Dv 0xabcd , 102the hook is named 103.Dv session_abcd . 104.Sh CONTROL MESSAGES 105This node type supports the generic control messages, plus the following: 106.Bl -tag -width indent 107.It Dv NGM_L2TP_SET_CONFIG 108This command updates the configuration of the node. 109It takes a 110.Vt "struct ng_l2tp_config" 111as an argument: 112.Bd -literal 113/* Configuration for a node */ 114struct ng_l2tp_config { 115 u_char enabled; /* enables traffic flow */ 116 u_char match_id; /* tunnel id must match 'tunnel_id' */ 117 u_int16_t tunnel_id; /* local tunnel id */ 118 u_int16_t peer_id; /* peer's tunnel id */ 119 u_int16_t peer_win; /* peer's max recv window size */ 120 u_int16_t rexmit_max; /* max retransmits before failure */ 121 u_int16_t rexmit_max_to; /* max delay between retransmits */ 122}; 123.Ed 124.Pp 125The 126.Va enabled 127field enables packet processing. 128Each time this field is changed back to zero the sequence 129number state is reset. 130In this way, reuse of a node is possible. 131.Pp 132The 133.Va tunnel_id 134field configures the local tunnel ID for the control connection. 135The 136.Va match_id 137field determines how incoming L2TP packets with a tunnel ID 138field different from 139.Va tunnel_id 140are handled. 141If 142.Va match_id 143is non-zero, they will be dropped; otherwise, they will be dropped 144only if the tunnel ID is non-zero. 145Typically 146.Va tunnel_id 147is set to the local tunnel ID as soon as it is known and 148.Va match_id 149is set to non-zero after receipt of the SCCRP or SCCCN control message. 150.Pp 151The peer's tunnel ID should be set in 152.Va peer_id 153as soon as it is learned, typically after receipt of a SCCRQ or SCCRP 154control message. 155This value is copied into the L2TP header for outgoing packets. 156.Pp 157The 158.Va peer_win 159field should be set from the 160.Dq "Receive Window Size" 161AVP received from the peer. 162The default value for this field is one; zero is an invalid value. 163As long as 164.Va enabled 165is non-zero, this value may not be decreased. 166.Pp 167The 168.Va rexmit_max 169and 170.Va rexmit_max_to 171fields configure packet retransmission. 172.Va rexmit_max_to 173is the maximum retransmission delay between packets, in seconds. 174The retransmit delay will start at a small value and increase 175exponentially up to this limit. 176The 177.Va rexmit_max 178sets the maximum number of times a packet will be retransmitted 179without being acknowledged before a failure condition is declared. 180Once a failure condition is declared, each additional retransmission 181will cause the 182.Nm l2tp 183node to send a 184.Dv NGM_L2TP_ACK_FAILURE 185control message back to the node that sent the last 186.Dv NGM_L2TP_SET_CONFIG . 187Appropriate action should then be taken to shutdown the control connection. 188.It Dv NGM_L2TP_GET_CONFIG 189Returns the current configuration as a 190.Vt "struct ng_l2tp_config" . 191.It Dv NGM_L2TP_SET_SESS_CONFIG 192This control message configures a single data session. 193The corresponding hook must already be connected before sending this command. 194The argument is a 195.Vt "struct ng_l2tp_sess_config" : 196.Bd -literal 197/* Configuration for a session hook */ 198struct ng_l2tp_sess_config { 199 u_int16_t session_id; /* local session id */ 200 u_int16_t peer_id; /* peer's session id */ 201 u_char control_dseq; /* we control data sequencing? */ 202 u_char enable_dseq; /* enable data sequencing? */ 203 u_char include_length; /* include length field? */ 204}; 205.Ed 206.Pp 207The 208.Va session_id 209and 210.Va peer_id 211fields configure the local and remote session IDs, respectively. 212.Pp 213The 214.Va control_dseq 215and 216.Va enable_dseq 217fields determine whether sequence numbers are used with L2TP data packets. 218If 219.Va enable_dseq 220is zero, then no sequence numbers are sent and incoming sequence numbers 221are ignored. 222Otherwise, sequence numbers are included on outgoing packets and checked 223on incoming packets. 224.Pp 225If 226.Va control_dseq 227is non-zero, then the setting of 228.Va enable_dseq 229will never change except by another 230.Dv NGM_L2TP_SET_SESS_CONFIG 231control message. 232If 233.Va control_dseq 234is zero, then the peer controls whether sequence numbers are used: 235if an incoming L2TP data packet contains sequence numbers, 236.Va enable_dseq 237is set to one, and conversely if an incoming L2TP data packet does not 238contain sequence numbers, 239.Va enable_dseq 240is set to zero. 241The current value of 242.Va enable_dseq 243is always accessible via the 244.Dv NGM_L2TP_GET_SESS_CONFIG 245control message (see below). 246Typically an LNS would set 247.Va control_dseq 248to one while a LAC would set 249.Va control_dseq 250to zero (if the Sequencing Required AVP were not sent), thus giving 251control of data packet sequencing to the LNS. 252.Pp 253The 254.Va include_length 255field determines whether the L2TP header length field is included 256in outgoing L2TP data packets. 257For incoming packets, the L2TP length field is always checked when present. 258.It Dv NGM_L2TP_GET_SESS_CONFIG 259This command takes a two byte session ID as an argument and returns 260the current configuration for the corresponding data session as a 261.Vt "struct ng_l2tp_sess_config" . 262The corresponding session hook must be connected. 263.It Dv NGM_L2TP_GET_STATS 264This command takes a two byte session ID as an argument and returns a 265.Vt "struct ng_l2tp_stats" 266containing statistics for the corresponding data session. 267The corresponding session hook must be connected. 268.It Dv NGM_L2TP_CLR_STATS 269This command takes a two byte session ID as an argument and 270clears the statistics for that data session. 271The corresponding session hook must be connected. 272.It Dv NGM_L2TP_GETCLR_STATS 273Same as 274.Dv NGM_L2TP_GET_STATS , 275but also atomically clears the statistics as well. 276.El 277.Sh SHUTDOWN 278This node shuts down upon receipt of a 279.Dv NGM_SHUTDOWN 280control message, or when all hooks have been disconnected. 281.Sh SEE ALSO 282.Xr netgraph 4 , 283.Xr ng_ksocket 4 , 284.Xr ng_ppp 4 , 285.Xr ng_pptp 4 , 286.Xr ngctl 8 287.Rs 288.%A W. Townsley 289.%A A. Valencia 290.%A A. Rubens 291.%A G. Pall 292.%A G. Zorn 293.%A B. Palter 294.%T "Layer Two Tunneling Protocol L2TP" 295.%O RFC 2661 296.Re 297.Sh HISTORY 298The 299.Nm l2tp 300node type was developed at Packet Design, LLC, 301.Pa http://www.packetdesign.com/ . 302.Sh AUTHORS 303.An Archie Cobbs Aq archie@packetdesign.com 304