1.\" $OpenBSD: pipex.4,v 1.10 2015/09/22 11:27:13 sobrado Exp $ 2.\" 3.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org> 4.\" Copyright (c) 2010 SUENAGA Hiroki <hsuenaga@openbsd.org> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: September 22 2015 $ 19.Dt PIPEX 4 20.Os 21.Sh NAME 22.Nm pipex 23.Nd PPP IP EXtension to handle IP/PPP frames in-kernel 24.Sh SYNOPSIS 25.Cd "option PIPEX" 26.Pp 27.In sys/socket.h 28.In sys/ioctl.h 29.In net/pipex.h 30.Sh DESCRIPTION 31.Nm 32is used with 33.Xr tun 4 34and 35.Xr pppx 4 , 36and handles PPP frames and forwards IP packets in-kernel. 37It accelerates the performance of packet forwarding, because it reduces 38copying of packets between kernel and userland. 39.Nm 40is disabled by default. 41To enable it, set 42.Va net.pipex.enable 43to 44.Sq 1 45using 46.Xr sysctl 8 . 47.Pp 48.Nm 49adds some extensions to the 50.Xr ioctl 2 51requests to 52.Xr tun 4 53or 54.Xr pppx 4 55devices. 56The added requests are as follows: 57.Bl -tag -width Ds 58.It Dv PIPEXGMODE Fa "int *" 59Get the devices's 60.Nm 61operation mode. 621 to enable 63.Nm 64on this device; 0 to disable. 65.It Dv PIPEXSMODE Fa "int *" 66Set the device's 67.Nm 68operation mode. 691 to enable 70.Nm 71on this device; 0 to disable. 72.It Dv PIPEXASESSION Fa "struct pipex_session_req *" 73Add a new PPP session to be handled by 74.Nm . 75The status of the session is passed as a 76.Vt pipex_session_req 77structure. 78The 79.Vt pipex_session_req 80structure has the following definition: 81.Bd -literal 82struct pipex_session_req { 83 int pr_protocol; /* tunnel protocol */ 84#define PIPEX_PROTO_L2TP 1 /* protocol L2TP */ 85#define PIPEX_PROTO_PPTP 2 /* protocol PPTP */ 86#define PIPEX_PROTO_PPPOE 3 /* protocol PPPoE */ 87 uint16_t pr_session_id; /* session-id */ 88 uint16_t pr_peer_session_id; /* peer's session-id */ 89 uint32_t pr_ppp_flags; /* ppp configuration flags */ 90#define PIPEX_PPP_ACFC_ACCEPTED 0x0001 /* ACFC accepted */ 91#define PIPEX_PPP_PFC_ACCEPTED 0x0002 /* PFC accepted */ 92#define PIPEX_PPP_ACFC_ENABLED 0x0004 /* ACFC enabled */ 93#define PIPEX_PPP_PFC_ENABLED 0x0008 /* PFC enabled */ 94#define PIPEX_PPP_MPPE_ACCEPTED 0x0010 /* MPPE accepted */ 95#define PIPEX_PPP_MPPE_ENABLED 0x0020 /* MPPE enabled */ 96#define PIPEX_PPP_MPPE_REQUIRED 0x0040 /* MPPE is required */ 97#define PIPEX_PPP_HAS_ACF 0x0080 /* has ACF */ 98#define PIPEX_PPP_ADJUST_TCPMSS 0x0100 /* do tcpmss adjustment */ 99#define PIPEX_PPP_INGRESS_FILTER 0x0200 /* do ingress filter */ 100 int8_t pr_ccp_id; /* ccp current packet id */ 101 int pr_ppp_id; /* ppp id. */ 102 uint16_t pr_peer_mru; /* peer's mru */ 103 uint16_t pr_timeout_sec; /* idle timer */ 104 105 struct in_addr pr_ip_srcaddr; /* local IP address. 106 not used by tun(4) */ 107 struct in_addr pr_ip_address; /* framed IP address */ 108 struct in_addr pr_ip_netmask; /* framed IP netmask */ 109 struct sockaddr_in6 pr_ip6_address; /* framed IPv6 address */ 110 int pr_ip6_prefixlen; /* framed IPv6 prefix 111 length */ 112 union { 113 struct { 114 uint32_t snd_nxt; /* send next */ 115 uint32_t rcv_nxt; /* receive next */ 116 uint32_t snd_una; /* unacked */ 117 uint32_t rcv_acked; /* recv acked */ 118 int winsz; /* window size */ 119 int maxwinsz; /* max window size */ 120 int peer_maxwinsz; /* peer's max window size */ 121 } pptp; 122 struct { 123 /* select protocol options: 1 for enable */ 124 uint32_t option_flags; 125 #define PIPEX_L2TP_USE_SEQUENCING 0x00000001 126 /* use sequence number 127 on L2TP data messages */ 128 129 uint16_t tunnel_id; /* our tunnel-id */ 130 uint16_t peer_tunnel_id; /* peer's tunnel-id */ 131 uint32_t ns_nxt; /* send next */ 132 uint32_t nr_nxt; /* receive next */ 133 uint32_t ns_una; /* unacked */ 134 uint32_t nr_acked; /* recv acked */ 135 uint32_t ipsecflowinfo; /* IPsec flow id for NAT-T */ 136 } l2tp; 137 struct { 138 char over_ifname[IF_NAMESIZE]; 139 /* ethernet ifname */ 140 } pppoe; 141 } pr_proto; 142 struct sockaddr_storage pr_peer_address; 143 /* peer address of tunnel */ 144 struct sockaddr_storage pr_local_address; 145 /* our address of tunnel */ 146 struct pipex_mppe_req pr_mppe_recv; 147 /* mppe key for receive */ 148 struct pipex_mppe_req pr_mppe_send; 149 /* mppe key for send */ 150}; 151.Ed 152.Pp 153The 154.Vt pipex_mppe_req 155structure that was used by 156.Va pr_mppe_recv 157and 158.Va pr_mppe_send 159has the following definition: 160.Bd -literal 161struct pipex_mppe_req { 162 int16_t stateless; /* mppe key mode. 163 1 for stateless */ 164 int16_t keylenbits; /* mppe key length(in bits)*/ 165 u_char master_key[PIPEX_MPPE_KEYLEN]; 166 /* mppe master key */ 167}; 168.Ed 169.It Dv PIPEXDSESSION Fa "struct pipex_session_close_req *" 170Delete the specified session from the kernel. 171Specify the session using a 172.Vt pipex_session_stat_req 173structure, which has the following definition: 174.Bd -literal 175struct pipex_session_stat_req { 176 int psr_protocol; /* tunnel protocol */ 177 uint16_t psr_session_id; /* session-id */ 178 struct pipex_statistics psr_stat; /* statistics */ 179}; 180.Ed 181.Pp 182The 183.Va psr_protocol 184and 185.Va psr_session_id 186fields used to specify the session are mandatory. 187On successful return, the 188.Va psr_stat 189field is filled by the kernel. 190See 191.Dv PIPEXGSTAT 192section for a description of the 193.Vt pipex_statistics 194structure. 195.It Dv PIPEXCSESSION Fa "struct pipex_session_config_req *" 196Change the configuration of the specified session. 197The session and configuration are specified by a 198.Vt pipex_session_config_req 199structure, which has the following definition: 200.Bd -literal 201struct pipex_session_config_req { 202 int pcr_protocol; /* tunnel protocol */ 203 uint16_t pcr_session_id; /* session-id */ 204 int pcr_ip_forward; /* ip_forwarding on/off */ 205}; 206.Ed 207.It Dv PIPEXGSTAT Fa "struct pipex_session_stat_req *" 208Get statistics for the specified session. 209Specify the session using a 210.Vt pipex_session_stat_req 211structure, which has the following definition: 212.Bd -literal 213struct pipex_session_stat_req { 214 int psr_protocol; /* tunnel protocol */ 215 uint16_t psr_session_id; /* session-id */ 216 struct pipex_statistics psr_stat; /* statistics */ 217}; 218.Ed 219.Pp 220The 221.Va psr_protocol 222and 223.Va psr_session_id 224fields used to specify the session are mandatory. 225On successful return, the 226.Va psr_stat 227field is filled by the kernel. 228The 229.Vt pipex_statistics 230structure has the following definition: 231.Bd -literal 232struct pipex_statistics { 233 uint32_t ipackets; /* packets received from tunnel */ 234 uint32_t ierrors; /* error packets received from tunnel */ 235 uint64_t ibytes; /* number of received bytes from tunnel */ 236 uint32_t opackets; /* packets sent to tunnel */ 237 uint32_t oerrors; /* error packets on sending to tunnel */ 238 uint64_t obytes; /* number of sent bytes to tunnel */ 239 240 uint32_t idle_time; /* idle time in seconds */ 241}; 242.Ed 243.It Dv PIPEXGCLOSED Fa "struct pipex_session_list_req *" 244Get a list of closed sessions. 245.Nm 246reserves closed sessions for 30 seconds 247for userland programs to get statistical information. 248On successful return, 249the 250.Vt pipex_session_list_req 251structure is filled by the kernel. 252The structure has the following definition. 253.Bd -literal 254struct pipex_session_list_req { 255 uint8_t plr_flags; 256#define PIPEX_LISTREQ_MORE 0x01 /* has more session */ 257 int plr_ppp_id_count; /* count of PPP id */ 258 int plr_ppp_id[PIPEX_MAX_LISTREQ]; /* PPP id */ 259}; 260.Ed 261.It Dv PIPEXSIFDESCR Fa "struct pipex_session_descr_req *" 262Set the 263.Xr pppx 4 264interface's description of the session. 265This command doesn't work on 266.Xr tun 4 267devices. 268Specify the session and its description using a 269.Vt pipex_session_descr_req 270structure, which has the following definition: 271.Bd -literal 272struct pipex_session_descr_req { 273 int pdr_protocol; /* tunnel protocol */ 274 uint16_t pdr_session_id; /* session-id */ 275 char pdr_descr[IFDESCRSIZE]; /* description */ 276}; 277.Ed 278.El 279.Sh SEE ALSO 280.Xr ioctl 2 , 281.Xr pppx 4 , 282.Xr tun 4 , 283.Xr npppd 8 , 284.Xr sysctl 8 285.Sh AUTHORS 286The 287.Nm 288was written by 289.An Internet Initiative Japan Inc. 290