xref: /openbsd-src/share/man/man4/pipex.4 (revision 34e858ecfc3e6e5b0c8923b95a68bd9a46b927d0) 
1.\"	$OpenBSD: pipex.4,v 1.15 2022/07/12 08:58:53 mvs Exp $
2.\"
3.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org>
4.\" Copyright (c) 2010 SUENAGA Hiroki <hsuenaga@openbsd.org>
5.\"
6.\" Permission to use, copy, modify, and distribute this software for any
7.\" purpose with or without fee is hereby granted, provided that the above
8.\" copyright notice and this permission notice appear in all copies.
9.\"
10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17.\"
18.Dd $Mdocdate: July 12 2022 $
19.Dt PIPEX 4
20.Os
21.Sh NAME
22.Nm pipex
23.Nd PPP IP EXtension to handle IP/PPP frames in-kernel
24.Sh SYNOPSIS
25.Cd "option PIPEX"
26.Pp
27.In sys/types.h
28.In sys/socket.h
29.In sys/ioctl.h
30.In net/if.h
31.In net/pipex.h
32.Sh DESCRIPTION
33.Nm
34is used with
35.Xr pppac 4
36and
37.Xr pppx 4 ,
38and handles PPP frames and forwards IP packets in-kernel.
39It accelerates the performance of packet forwarding, because it reduces
40copying of packets between kernel and userland.
41.Nm
42is disabled by default.
43To enable it, set
44.Va net.pipex.enable
45to
46.Sq 1
47using
48.Xr sysctl 8 .
49.Pp
50.Nm
51adds some extensions to the
52.Xr ioctl 2
53requests to
54.Xr pppac 4
55or
56.Xr pppx 4
57devices.
58The added requests are as follows:
59.Bl -tag -width Ds
60.It Dv PIPEXASESSION Fa "struct pipex_session_req *"
61Add a new PPP session to be handled by
62.Nm .
63The status of the session is passed as a
64.Vt pipex_session_req
65structure.
66The
67.Vt pipex_session_req
68structure has the following definition:
69.Bd -literal
70struct pipex_session_req {
71    int         pr_protocol;         /* tunnel protocol  */
72#define PIPEX_PROTO_L2TP   1         /* protocol L2TP */
73#define PIPEX_PROTO_PPTP   2         /* protocol PPTP */
74#define PIPEX_PROTO_PPPOE  3         /* protocol PPPoE */
75    uint16_t    pr_session_id;       /* session-id */
76    uint16_t    pr_peer_session_id;  /* peer's session-id */
77    uint32_t    pr_ppp_flags;        /* ppp configuration flags */
78#define PIPEX_PPP_ACFC_ACCEPTED  0x0001 /* ACFC accepted */
79#define PIPEX_PPP_PFC_ACCEPTED   0x0002 /* PFC accepted */
80#define PIPEX_PPP_ACFC_ENABLED   0x0004 /* ACFC enabled */
81#define PIPEX_PPP_PFC_ENABLED    0x0008 /* PFC enabled */
82#define PIPEX_PPP_MPPE_ACCEPTED  0x0010 /* MPPE accepted */
83#define PIPEX_PPP_MPPE_ENABLED   0x0020 /* MPPE enabled */
84#define PIPEX_PPP_MPPE_REQUIRED  0x0040 /* MPPE is required */
85#define PIPEX_PPP_HAS_ACF        0x0080 /* has ACF */
86#define PIPEX_PPP_ADJUST_TCPMSS  0x0100 /* do tcpmss adjustment */
87#define PIPEX_PPP_INGRESS_FILTER 0x0200 /* do ingress filter */
88    int8_t      pr_ccp_id;           /* ccp current packet id */
89    int         pr_ppp_id;           /* ppp id. */
90    uint16_t    pr_peer_mru;         /* peer's mru */
91    uint16_t    pr_timeout_sec;      /* idle timer */
92
93    struct in_addr      pr_ip_srcaddr;    /* local IP address */
94    struct in_addr      pr_ip_address;    /* framed IP address */
95    struct in_addr      pr_ip_netmask;    /* framed IP netmask */
96    struct sockaddr_in6 pr_ip6_address;   /* framed IPv6 address */
97    int                 pr_ip6_prefixlen; /* framed IPv6 prefix
98                                             length */
99    union {
100        struct {
101            uint32_t snd_nxt;         /* send next */
102            uint32_t rcv_nxt;         /* receive next */
103            uint32_t snd_una;         /* unacked */
104            uint32_t rcv_acked;       /* recv acked */
105            int winsz;                /* window size */
106            int maxwinsz;             /* max window size */
107            int peer_maxwinsz;        /* peer's max window size */
108        } pptp;
109        struct {
110            /* select protocol options: 1 for enable */
111            uint32_t option_flags;
112    #define PIPEX_L2TP_USE_SEQUENCING  0x00000001
113                                      /* use sequence number
114					 on L2TP data messages */
115
116            uint16_t tunnel_id;       /* our tunnel-id */
117            uint16_t peer_tunnel_id;  /* peer's tunnel-id */
118            uint32_t ns_nxt;          /* send next */
119            uint32_t nr_nxt;          /* receive next */
120            uint32_t ns_una;          /* unacked */
121            uint32_t nr_acked;        /* recv acked */
122            uint32_t ipsecflowinfo;   /* IPsec flow id for NAT-T */
123        } l2tp;
124        struct {
125            char over_ifname[IF_NAMESIZE];
126                                      /* ethernet ifname */
127        } pppoe;
128    } pr_proto;
129    struct sockaddr_storage  pr_peer_address;
130                                      /* peer address of tunnel */
131    struct sockaddr_storage  pr_local_address;
132				      /* our address of tunnel */
133    struct pipex_mppe_req    pr_mppe_recv;
134				      /* mppe key for receive */
135    struct pipex_mppe_req    pr_mppe_send;
136				      /* mppe key for send */
137};
138.Ed
139.Pp
140The
141.Vt pipex_mppe_req
142structure that was used by
143.Va pr_mppe_recv
144and
145.Va pr_mppe_send
146has the following definition:
147.Bd -literal
148struct pipex_mppe_req {
149    int16_t  stateless;            /* mppe key mode.
150                                      1 for stateless */
151    int16_t  keylenbits;           /* mppe key length(in bits)*/
152    u_char   master_key[PIPEX_MPPE_KEYLEN];
153                                   /* mppe master key */
154};
155.Ed
156.It Dv PIPEXDSESSION Fa "struct pipex_session_close_req *"
157Delete the specified session from the kernel.
158Specify the session using a
159.Vt pipex_session_close_req
160structure, which has the following definition:
161.Bd -literal
162struct pipex_session_close_req {
163    int                      psr_protocol;   /* tunnel protocol */
164    uint16_t                 psr_session_id; /* session-id */
165    struct pipex_statistics  psr_stat;       /* statistics */
166};
167.Ed
168.Pp
169The
170.Va psr_protocol
171and
172.Va psr_session_id
173fields used to specify the session are mandatory.
174On successful return, the
175.Va psr_stat
176field is filled by the kernel.
177See
178.Dv PIPEXGSTAT
179section for a description of the
180.Vt pipex_statistics
181structure.
182.It Dv PIPEXGSTAT    Fa "struct pipex_session_stat_req *"
183Get statistics for the specified session.
184Specify the session using a
185.Vt pipex_session_stat_req
186structure, which has the following definition:
187.Bd -literal
188struct pipex_session_stat_req {
189    int                      psr_protocol;   /* tunnel protocol */
190    uint16_t                 psr_session_id; /* session-id */
191    struct pipex_statistics  psr_stat;       /* statistics */
192};
193.Ed
194.Pp
195The
196.Va psr_protocol
197and
198.Va psr_session_id
199fields used to specify the session are mandatory.
200On successful return, the
201.Va psr_stat
202field is filled by the kernel.
203The
204.Vt pipex_statistics
205structure has the following definition:
206.Bd -literal
207struct pipex_statistics {
208    uint32_t ipackets;   /* packets received from tunnel */
209    uint32_t ierrors;    /* error packets received from tunnel */
210    uint64_t ibytes;     /* number of received bytes from tunnel */
211    uint32_t opackets;   /* packets sent to tunnel */
212    uint32_t oerrors;    /* error packets on sending to tunnel */
213    uint64_t obytes;     /* number of sent bytes to tunnel */
214
215    uint32_t idle_time;  /* idle time in seconds */
216};
217.Ed
218.It Dv PIPEXGCLOSED  Fa "struct pipex_session_list_req *"
219Get a list of closed sessions.
220.Nm
221reserves closed sessions for 30 seconds
222for userland programs to get statistical information.
223On successful return,
224the
225.Vt pipex_session_list_req
226structure is filled by the kernel.
227The structure has the following definition.
228.Bd -literal
229struct pipex_session_list_req {
230    uint8_t  plr_flags;
231#define PIPEX_LISTREQ_MORE         0x01      /* has more session */
232    int      plr_ppp_id_count;               /* count of PPP id */
233    int      plr_ppp_id[PIPEX_MAX_LISTREQ];  /* PPP id */
234};
235.Ed
236.It Dv PIPEXSIFDESCR Fa "struct pipex_session_descr_req *"
237Set the
238.Xr pppx 4
239interface's description of the session.
240This command doesn't work on
241.Xr pppac 4
242devices.
243Specify the session and its description using a
244.Vt pipex_session_descr_req
245structure, which has the following definition:
246.Bd -literal
247struct pipex_session_descr_req {
248    int       pdr_protocol;           /* tunnel protocol */
249    uint16_t  pdr_session_id;         /* session-id */
250    char      pdr_descr[IFDESCRSIZE]; /* description */
251};
252.Ed
253.El
254.Sh SEE ALSO
255.Xr ioctl 2 ,
256.Xr pppac 4 ,
257.Xr pppx 4 ,
258.Xr npppd 8 ,
259.Xr sysctl 8
260.Sh AUTHORS
261The
262.Nm
263was written by
264.An Internet Initiative Japan Inc .
265.Sh BUGS
266.Xr pppx 4
267does not allow sessions with
268.Ic pr_timeout_sec
269set to any value other than 0.
270