xref: /freebsd/share/man/man4/ng_l2tp.4 (revision fcb560670601b2a4d87bb31d7531c8dcc37ee71b)
1.\" Copyright (c) 2001-2002 Packet Design, LLC.
2.\" All rights reserved.
3.\"
4.\" Subject to the following obligations and disclaimer of warranty,
5.\" use and redistribution of this software, in source or object code
6.\" forms, with or without modifications are expressly permitted by
7.\" Packet Design; provided, however, that:
8.\"
9.\"    (i)  Any and all reproductions of the source or object code
10.\"         must include the copyright notice above and the following
11.\"         disclaimer of warranties; and
12.\"    (ii) No rights are granted, in any manner or form, to use
13.\"         Packet Design trademarks, including the mark "PACKET DESIGN"
14.\"         on advertising, endorsements, or otherwise except as such
15.\"         appears in the above copyright notice or in the software.
16.\"
17.\" THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
18.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
19.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
20.\" THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
21.\" WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
22.\" OR NON-INFRINGEMENT.  PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
23.\" OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
24.\" OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
25.\" RELIABILITY OR OTHERWISE.  IN NO EVENT SHALL PACKET DESIGN BE
26.\" LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
27.\" OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
28.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
29.\" DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
30.\" USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
31.\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
33.\" THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
34.\" THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" Author: Archie Cobbs <archie@FreeBSD.org>
37.\"
38.\" $FreeBSD$
39.\"
40.Dd November 13, 2012
41.Dt NG_L2TP 4
42.Os
43.Sh NAME
44.Nm ng_l2tp
45.Nd L2TP protocol netgraph node type
46.Sh SYNOPSIS
47.In sys/types.h
48.In netgraph/ng_l2tp.h
49.Sh DESCRIPTION
50The
51.Nm l2tp
52node type implements the encapsulation layer of the L2TP protocol
53as described in RFC 2661.
54This includes adding the L2TP packet header for outgoing packets
55and verifying and removing it for incoming packets.
56The node maintains the L2TP sequence number state and handles
57control session packet acknowledgment and retransmission.
58.Sh HOOKS
59The
60.Nm l2tp
61node type supports the following hooks:
62.Bl -tag -width ".Va session_hhhh"
63.It Va lower
64L2TP frames.
65.It Va ctrl
66Control packets.
67.It Va session_hhhh
68Session 0xhhhh data packets.
69.El
70.Pp
71L2TP control and data packets are transmitted to, and received from,
72the L2TP peer via the
73.Dv lower
74hook.
75Typically this hook would be connected to the
76.Dv "inet/dgram/udp"
77hook of an
78.Xr ng_ksocket 4
79node for L2TP over UDP.
80.Pp
81The
82.Dv ctrl
83hook connects to the local L2TP management entity.
84L2TP control messages (without any L2TP headers) are transmitted
85and received on this hook.
86Messages written to this hook are guaranteed to be delivered to the
87peer reliably, in order, and without duplicates.
88.Pp
89Packets written to the
90.Dv ctrl
91hook must contain a two byte session ID prepended to the frame
92(in network order).
93This session ID is copied to the outgoing L2TP header.
94Similarly, packets read from the
95.Dv ctrl
96hook will have the received session ID prepended.
97.Pp
98Once an L2TP session has been created, the corresponding session
99hook may be used to transmit and receive the session's data frames:
100for the session with session ID
101.Dv 0xabcd ,
102the hook is named
103.Dv session_abcd .
104.Sh CONTROL MESSAGES
105This node type supports the generic control messages, plus the following:
106.Bl -tag -width foo
107.It Dv NGM_L2TP_SET_CONFIG Pq Ic setconfig
108This command updates the configuration of the node.
109It takes a
110.Vt "struct ng_l2tp_config"
111as an argument:
112.Bd -literal
113/* Configuration for a node */
114struct ng_l2tp_config {
115    u_char      enabled;        /* enables traffic flow */
116    u_char      match_id;       /* tunnel id must match 'tunnel_id' */
117    uint16_t    tunnel_id;      /* local tunnel id */
118    uint16_t    peer_id;        /* peer's tunnel id */
119    uint16_t    peer_win;       /* peer's max recv window size */
120    uint16_t    rexmit_max;     /* max retransmits before failure */
121    uint16_t    rexmit_max_to;  /* max delay between retransmits */
122};
123.Ed
124.Pp
125The
126.Va enabled
127field enables packet processing.
128Each time this field is changed back to zero the sequence
129number state is reset.
130In this way, reuse of a node is possible.
131.Pp
132The
133.Va tunnel_id
134field configures the local tunnel ID for the control connection.
135The
136.Va match_id
137field determines how incoming L2TP packets with a tunnel ID
138field different from
139.Va tunnel_id
140are handled.
141If
142.Va match_id
143is non-zero, they will be dropped; otherwise, they will be dropped
144only if the tunnel ID is non-zero.
145Typically
146.Va tunnel_id
147is set to the local tunnel ID as soon as it is known and
148.Va match_id
149is set to non-zero after receipt of the SCCRP or SCCCN control message.
150.Pp
151The peer's tunnel ID should be set in
152.Va peer_id
153as soon as it is learned, typically after receipt of a SCCRQ or SCCRP
154control message.
155This value is copied into the L2TP header for outgoing packets.
156.Pp
157The
158.Va peer_win
159field should be set from the
160.Dq "Receive Window Size"
161AVP received from the peer.
162The default value for this field is one; zero is an invalid value.
163As long as
164.Va enabled
165is non-zero, this value may not be decreased.
166.Pp
167The
168.Va rexmit_max
169and
170.Va rexmit_max_to
171fields configure packet retransmission.
172.Va rexmit_max_to
173is the maximum retransmission delay between packets, in seconds.
174The retransmit delay will start at a small value and increase
175exponentially up to this limit.
176The
177.Va rexmit_max
178sets the maximum number of times a packet will be retransmitted
179without being acknowledged before a failure condition is declared.
180Once a failure condition is declared, each additional retransmission
181will cause the
182.Nm l2tp
183node to send a
184.Dv NGM_L2TP_ACK_FAILURE Pq Ic ackfailure
185control message back to the node that sent the last
186.Dv NGM_L2TP_SET_CONFIG .
187Appropriate action should then be taken to shutdown the control connection.
188.It Dv NGM_L2TP_GET_CONFIG Pq Ic getconfig
189Returns the current configuration as a
190.Vt "struct ng_l2tp_config" .
191.It Dv NGM_L2TP_SET_SESS_CONFIG Pq Ic setsessconfig
192This control message configures a single data session.
193The corresponding hook must already be connected before sending this command.
194The argument is a
195.Vt "struct ng_l2tp_sess_config" :
196.Bd -literal
197/* Configuration for a session hook */
198struct ng_l2tp_sess_config {
199    uint16_t    session_id;     /* local session id */
200    uint16_t    peer_id;        /* peer's session id */
201    u_char      control_dseq;   /* whether we control data sequencing */
202    u_char      enable_dseq;    /* whether to enable data sequencing */
203    u_char      include_length; /* whether to include length field */
204};
205.Ed
206.Pp
207The
208.Va session_id
209and
210.Va peer_id
211fields configure the local and remote session IDs, respectively.
212.Pp
213The
214.Va control_dseq
215and
216.Va enable_dseq
217fields determine whether sequence numbers are used with L2TP data packets.
218If
219.Va enable_dseq
220is zero, then no sequence numbers are sent and incoming sequence numbers
221are ignored.
222Otherwise, sequence numbers are included on outgoing packets and checked
223on incoming packets.
224.Pp
225If
226.Va control_dseq
227is non-zero, then the setting of
228.Va enable_dseq
229will never change except by another
230.Dv NGM_L2TP_SET_SESS_CONFIG
231control message.
232If
233.Va control_dseq
234is zero, then the peer controls whether sequence numbers are used:
235if an incoming L2TP data packet contains sequence numbers,
236.Va enable_dseq
237is set to one, and conversely if an incoming L2TP data packet does not
238contain sequence numbers,
239.Va enable_dseq
240is set to zero.
241The current value of
242.Va enable_dseq
243is always accessible via the
244.Dv NGM_L2TP_GET_SESS_CONFIG
245control message (see below).
246Typically an LNS would set
247.Va control_dseq
248to one while a LAC would set
249.Va control_dseq
250to zero (if the Sequencing Required AVP were not sent), thus giving
251control of data packet sequencing to the LNS.
252.Pp
253The
254.Va include_length
255field determines whether the L2TP header length field is included
256in outgoing L2TP data packets.
257For incoming packets, the L2TP length field is always checked when present.
258.It Dv NGM_L2TP_GET_SESS_CONFIG Pq Ic getsessconfig
259This command takes a two byte session ID as an argument and returns
260the current configuration for the corresponding data session as a
261.Vt "struct ng_l2tp_sess_config" .
262The corresponding session hook must be connected.
263.It Dv NGM_L2TP_GET_STATS Pq Ic getstats
264This command returns a
265.Vt "struct ng_l2tp_stats"
266containing statistics of the L2TP tunnel.
267.It Dv NGM_L2TP_CLR_STATS Pq Ic clrstats
268This command clears the statistics for the L2TP tunnel.
269.It Dv NGM_L2TP_GETCLR_STATS Pq Ic getclrstats
270Same as
271.Dv NGM_L2TP_GET_STATS ,
272but also atomically clears the statistics as well.
273.It Dv NGM_L2TP_GET_SESSION_STATS Pq Ic getsessstats
274This command takes a two byte session ID as an argument and returns a
275.Vt "struct ng_l2tp_session_stats"
276containing statistics for the corresponding data session.
277The corresponding session hook must be connected.
278.It Dv NGM_L2TP_CLR_SESSION_STATS Pq Ic clrsessstats
279This command takes a two byte session ID as an argument and
280clears the statistics for that data session.
281The corresponding session hook must be connected.
282.It Dv NGM_L2TP_GETCLR_SESSION_STATS Pq Ic getclrsessstats
283Same as
284.Dv NGM_L2TP_GET_SESSION_STATS ,
285but also atomically clears the statistics as well.
286.It Dv NGM_L2TP_SET_SEQ Pq Ic setsequence
287This command sets the sequence numbers of a not yet enabled node.
288It takes a
289.Vt "struct ng_l2tp_seq_config"
290as argument, where
291.Va xack
292and
293.Va nr
294respectively
295.Va ns
296and
297.Va rack
298must be the same.
299This option is particularly useful if one receives and processes
300the first packet entirely in userspace and wants to hand over further
301processing to the node.
302.El
303.Sh SHUTDOWN
304This node shuts down upon receipt of a
305.Dv NGM_SHUTDOWN
306control message, or when all hooks have been disconnected.
307.Sh SEE ALSO
308.Xr netgraph 4 ,
309.Xr ng_ksocket 4 ,
310.Xr ng_ppp 4 ,
311.Xr ng_pptpgre 4 ,
312.Xr ngctl 8
313.Rs
314.%A W. Townsley
315.%A A. Valencia
316.%A A. Rubens
317.%A G. Pall
318.%A G. Zorn
319.%A B. Palter
320.%T "Layer Two Tunneling Protocol L2TP"
321.%O RFC 2661
322.Re
323.Sh HISTORY
324The
325.Nm l2tp
326node type was developed at Packet Design, LLC,
327.Pa http://www.packetdesign.com/ .
328.Sh AUTHORS
329.An Archie Cobbs Aq Mt archie@packetdesign.com
330