.\" Copyright (c) 2001-2002 Packet Design, LLC.
.\" All rights reserved.
.\" Subject to the following obligations and disclaimer of warranty,
.\" use and redistribution of this software, in source or object code
.\" forms, with or without modifications are expressly permitted by
.\" Packet Design; provided, however, that:
.\" (i) Any and all reproductions of the source or object code
.\" must include the copyright notice above and the following
.\" disclaimer of warranties; and
.\" (ii) No rights are granted, in any manner or form, to use
.\" Packet Design trademarks, including the mark "PACKET DESIGN"
.\" on advertising, endorsements, or otherwise except as such
.\" appears in the above copyright notice or in the software.
.\" THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
.\" THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
.\" WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
.\" OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
.\" OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
.\" OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
.\" RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
.\" LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
.\" OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
.\" DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
.\" USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
.\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
.\" THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
.\" THE POSSIBILITY OF SUCH DAMAGE.
.\" Author: Archie Cobbs <archie@FreeBSD.org>
.Nd L2TP protocol netgraph node type
.In netgraph/ng_l2tp.h
node type implements the encapsulation layer of the L2TP protocol
as described in RFC 2661.
This includes adding the L2TP packet header for outgoing packets
and verifying and removing it for incoming packets.
The node maintains the L2TP sequence number state and handles
control session packet acknowledgment and retransmission.
node type supports the following hooks:
.Bl -tag -compact -offset indent -width ".Dv session_hhhh"
Session 0xhhhh data packets.
L2TP control and data packets are transmitted to, and received from,
Typically this hook would be connected to the
node for L2TP over UDP.
hook connects to the local L2TP management entity.
L2TP control messages (without any L2TP headers) are transmitted
and received on this hook.
Messages written to this hook are guaranteed to be delivered to the
peer reliably, in order, and without duplicates.
Packets written to the
hook must contain a two byte session ID prepended to the frame
This session ID is copied to the outgoing L2TP header.
Similarly, packets read from the
hook will have the received session ID prepended.
Once an L2TP session has been created, the corresponding session
hook may be used to transmit and receive the session's data frames:
for the session with session ID
This node type supports the generic control messages, plus the following:
.Bl -tag -width indent
.It Dv NGM_L2TP_SET_CONFIG
This command updates the configuration of the node.
.Vt "struct ng_l2tp_config"
/* Configuration for a node */
struct ng_l2tp_config {
    u_char      enabled;        /* enables traffic flow */
    u_char      match_id;       /* tunnel id must match 'tunnel_id' */
    u_int16_t   tunnel_id;      /* local tunnel id */
    u_int16_t   peer_id;        /* peer's tunnel id */
    u_int16_t   peer_win;       /* peer's max recv window size */
    u_int16_t   rexmit_max;     /* max retransmits before failure */
    u_int16_t   rexmit_max_to;  /* max delay between retransmits */
};
field enables packet processing.
Each time this field is changed back to zero the sequence
number state is reset.
In this way, reuse of a node is possible.
field configures the local tunnel ID for the control connection.
field determines how incoming L2TP packets with a tunnel ID
is non-zero, they will be dropped; otherwise, they will be dropped
only if the tunnel ID is non-zero.
is set to the local tunnel ID as soon as it is known and
is set to non-zero after receipt of the SCCRP or SCCCN control message.
The peer's tunnel ID should be set in
as soon as it is learned, typically after receipt of a SCCRQ or SCCRP
This value is copied into the L2TP header for outgoing packets.
field should be set from the
.Dq "Receive Window Size"
AVP received from the peer.
The default value for this field is one; zero is an invalid value.
is non-zero, this value may not be decreased.
fields configure packet retransmission.
is the maximum retransmission delay between packets, in seconds.
The retransmit delay will start at a small value and increase
exponentially up to this limit.
sets the maximum number of times a packet will be retransmitted
without being acknowledged before a failure condition is declared.
Once a failure condition is declared, each additional retransmission
.Dv NGM_L2TP_ACK_FAILURE
control message back to the node that sent the last
.Dv NGM_L2TP_SET_CONFIG .
Appropriate action should then be taken to shut down the control connection.
.It Dv NGM_L2TP_GET_CONFIG
Returns the current configuration as a
.Vt "struct ng_l2tp_config" .
.It Dv NGM_L2TP_SET_SESS_CONFIG
This control message configures a single data session.
The corresponding hook must already be connected before sending this command.
.Vt "struct ng_l2tp_sess_config" :
/* Configuration for a session hook */
struct ng_l2tp_sess_config {
    u_int16_t   session_id;     /* local session id */
    u_int16_t   peer_id;        /* peer's session id */
    u_char      control_dseq;   /* we control data sequencing? */
    u_char      enable_dseq;    /* enable data sequencing? */
    u_char      include_length; /* include length field? */
};
fields configure the local and remote session IDs, respectively.
fields determine whether sequence numbers are used with L2TP data packets.
is zero, then no sequence numbers are sent and incoming sequence numbers
Otherwise, sequence numbers are included on outgoing packets and checked
is non-zero, then the setting of
will never change except by another
.Dv NGM_L2TP_SET_SESS_CONFIG
is zero, then the peer controls whether sequence numbers are used:
if an incoming L2TP data packet contains sequence numbers,
is set to one, and conversely if an incoming L2TP data packet does not
contain sequence numbers,
is always accessible via the
.Dv NGM_L2TP_GET_SESS_CONFIG
control message (see below).
Typically an LNS would set
to one while a LAC would set
to zero (if the Sequencing Required AVP were not sent), thus giving
control of data packet sequencing to the LNS.
field determines whether the L2TP header length field is included
in outgoing L2TP data packets.
For incoming packets, the L2TP length field is always checked when present.
.It Dv NGM_L2TP_GET_SESS_CONFIG
This command takes a two byte session ID as an argument and returns
the current configuration for the corresponding data session as a
.Vt "struct ng_l2tp_sess_config" .
The corresponding session hook must be connected.
.It Dv NGM_L2TP_GET_STATS
This command returns a
.Vt "struct ng_l2tp_stats"
containing statistics of the L2TP tunnel.
.It Dv NGM_L2TP_CLR_STATS
This command clears the statistics for the L2TP tunnel.
.It Dv NGM_L2TP_GETCLR_STATS
.Dv NGM_L2TP_GET_STATS ,
but also atomically clears the statistics.
.It Dv NGM_L2TP_GET_SESSION_STATS
This command takes a two byte session ID as an argument and returns a
.Vt "struct ng_l2tp_session_stats"
containing statistics for the corresponding data session.
The corresponding session hook must be connected.
.It Dv NGM_L2TP_CLR_SESSION_STATS
This command takes a two byte session ID as an argument and
clears the statistics for that data session.
The corresponding session hook must be connected.
.It Dv NGM_L2TP_GETCLR_SESSION_STATS
.Dv NGM_L2TP_GET_SESSION_STATS ,
but also atomically clears the statistics.
.It Dv NGM_L2TP_SET_SEQ
This command sets the sequence numbers of a not yet enabled node.
.Vt "struct ng_l2tp_seq_config"
This option is particularly useful if one receives and processes
the first packet entirely in userspace and wants to hand over further
processing to the node.
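The checks on incoming packets described above, as an added C example that is not part of the original manual page or of the ng_l2tp source: it parses an RFC 2661 header, checks the length field when present, and applies the tunnel ID rule selected by match_id as read from the struct comment and the text above.
The names l2tp_check and struct l2tp_hdr are hypothetical, and the two sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Flag bits of the first header word (RFC 2661) that change the header layout. */
enum { L2TP_L = 0x4000, L2TP_S = 0x0800, L2TP_O = 0x0200 };

struct l2tp_hdr {                /* hypothetical result type, not from ng_l2tp.h */
    uint16_t tunnel_id, session_id;
    size_t payload_off, payload_len;
};

/* Constructed sample packets: control message for tunnel 7, data for tunnel 0. */
static const uint8_t ctrl_t7[] = { 0xc8, 0x02, 0x00, 0x0e, 0x00, 0x07, 0x00, 0x00,
                                   0x00, 0x01, 0x00, 0x00, 0xaa, 0xbb };
static const uint8_t data_t0[] = { 0x00, 0x02, 0x00, 0x00, 0x12, 0x34, 1, 2, 3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Returns 0 and fills *h if the packet is accepted, -1 if it is dropped.
 * local_id and match_id stand for tunnel_id and match_id in ng_l2tp_config. */
int l2tp_check(const uint8_t *pkt, size_t len, uint16_t local_id,
               int match_id, struct l2tp_hdr *h)
{
    size_t off = 2, end = len;
    if (len < 6) return -1;                  /* flags, tunnel ID, session ID */
    uint16_t fl = rd16(pkt);
    if ((fl & 0x000f) != 2) return -1;       /* version must be 2 */
    if (fl & L2TP_L) {                       /* Length is checked when present */
        end = rd16(pkt + 2);
        off = 4;
        if (end > len) return -1;            /* claims more than was received */
    }
    if (end < off + 4) return -1;            /* no room for the two IDs */
    h->tunnel_id = rd16(pkt + off);
    h->session_id = rd16(pkt + off + 2);
    off += 4;
    /* Wrong tunnel ID: always dropped with match_id, else only if non-zero. */
    if (h->tunnel_id != local_id && (match_id || h->tunnel_id != 0)) return -1;
    if (fl & L2TP_S) off += 4;               /* skip Ns and Nr */
    if (fl & L2TP_O) {                       /* Offset Size, then that much pad */
        if (end < off + 2) return -1;
        off += 2 + (size_t)rd16(pkt + off);
    }
    if (off > end) return -1;
    h->payload_off = off;
    h->payload_len = end - off;
    return 0;
}
```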
This node shuts down upon receipt of a
control message, or when all hooks have been disconnected.
.%T "Layer Two Tunneling Protocol L2TP"
node type was developed at Packet Design, LLC,
.Pa http://www.packetdesign.com/ .
.An Archie Cobbs Aq archie@packetdesign.com