OpenBSD manual page server

NAME

sppp — PPP and Link Control Protocol

SYNOPSIS

pseudo-device sppp [count]

DESCRIPTION

The sppp network layer implements the state machine and Link Control Protocol (LCP) of the Point-to-Point Protocol (PPP) as described in RFC 1661. Note that this layer does not provide network interfaces of its own, it is rather intended to be layered on top of drivers providing a point-to-point connection that wish to run a PPP stack over it. The corresponding network interfaces have to be provided by these hardware drivers.

The sppp layer provides three basic modes of operation. The default mode, with no special flags set, is to create the PPP connection (administrative Open event to the LCP layer) as soon as the interface is taken up with the ifconfig(8) command. Taking the interface down again will terminate the LCP layer and thus all other layers on top. The link will also terminate itself as soon as no Network Control Protocol (NCP) is open anymore, indicating that the lower layers are no longer needed.

Setting the link-level flag link0 with ifconfig(8) will cause the respective network interface to go into passive mode. This means the administrative Open event to the LCP layer will be delayed until after the lower layers signal an Up event (rise of “carrier”). This can be used by the lower layers to support a dial-in connection where the physical layer isn't available immediately at startup, but only after some external event arrives. Receipt of a Down event from the lower layer will not take the interface completely down in this case.

Finally, setting the flag link1 will cause the interface to operate in dial-on-demand mode. This is also only useful if the lower layers support the notion of a carrier (like with an ISDN line). Upon configuring the respective interface, it will delay the administrative Open event to the LCP layer until either an outbound network packet arrives, or until the lower layers signal an Up event, indicating an inbound connection. As with passive mode, receipt of a Down event (loss of carrier) will not automatically take the interface down, thus it remains available for further connections.

The sppp layer supports the debug interface flag, which can be set with ifconfig(8). If this flag is set, the various control protocol packets being exchanged as well as the option negotiation between both ends of the link will be logged at level LOG_DEBUG. This can be helpful to examine configuration problems during the first attempts to set up a new configuration. Without this flag being set, only the major phase transitions will be logged at level LOG_INFO.

It is possible to leave the local interface IP address open for negotiation by setting it to 0.0.0.0. This requires that the remote peer can correctly supply a value for it based on the identity of the caller, or on the remote address supplied by this side. Due to the way the IPCP option negotiation works, this address is supplied late during the negotiation, which could cause the remote peer to make false assumptions.

In a similar spirit the remote address can be set to a magical value in the range 0.0.0.1 to 0.0.0.255, which means that we don't care what address the remote side will use, as long as it is not 0.0.0.0. This is useful if your ISP has several dial-in servers. You can of course route add something or other 0.0.0.1 and it will do exactly what you would want it to.

Once a connection is established, the device will send out a nameserver proposal, which resolvd(8) can act on. If during IPCP negotiation no DNS server options were exchanged, the nameserver proposal will be empty.

The PAP and CHAP authentication protocols, as described in RFCs 1334 and 1994, respectively, are also implemented. Their parameters are controlled by the ifconfig(8) utility.

EXAMPLES

Display the settings for pppoe0. The interface is currently in the establish phase and tries to connect to the remote peer; other possible PPP phases are dead, authenticate, network, or terminate. Both ends of the connection use the CHAP protocol, the local client tells the remote peer the system name ‘uriah’, and the peer is expected to authenticate by the name ‘ifb-gw’. Once the initial CHAP handshake has been successful, no further CHAP challenges will be transmitted. There are supposedly some known CHAP secrets for both ends of the link which are not displayed.

$ ifconfig pppoe0
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
        dev: em0 state: PADI sent
        sid: 0x0 PADI retries: 0 PADR retries: 0
        sppp: phase establish authproto chap authname "uriah" \
		peerproto chap peername "ifb-gw" norechallenge
        groups: pppoe
        inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff

A possible call to ifconfig(8) that could have been used to bring the interface into the state shown by the previous example:

# ifconfig em0 up
# ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff \
	pppoedev em0 \
	authproto chap authname uriah authkey "some secret" \
	peerproto chap peername "ifb-gw" peerkey "another" \
	peerflag norechallenge \
	up

DIAGNOSTICS

<ifname><ifnum>: <proto> illegal <event> in state <statename>

An event happened that should not happen for the current state the respective control protocol is in. See RFC 1661 for a description of the state automaton.

<ifname><ifnum>: loopback

The state automaton detected a line loopback (that is, it was talking with itself). The interface will be temporarily disabled.

<ifname><ifnum>: up

The LCP layer is running again, after a line loopback had previously been detected.

<ifname><ifnum>: down

The keepalive facility detected the line being unresponsive. Keepalive must be explicitly requested by the lower layers in order to take place.

SEE ALSO

inet(4), pppoe(4), ifconfig(8)

STANDARDS

G. McGregor, The PPP Internet Protocol Control Protocol (IPCP), RFC 1332, May 1992.

B. Lloyd and W. Simpson, PPP Authentication Protocols, RFC 1334, October 1992.

W. Simpson, The Point-to-Point Protocol (PPP), RFC 1661, July 1994.

S. Cobb, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses, RFC 1877, December 1995.

W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994, August 1996.

S. Varada, D. Haskins, and E. Allen, IP Version 6 over PPP, RFC 5072, September 2007.

AUTHORS

The original implementation of sppp was written in 1994 at Cronyx Ltd., Moscow, by Serge Vakulenko <vak@cronyx.ru>. Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de> rewrote a large part in 1997 in order to fully implement the state machine as described in RFC 1661, so it could also be used for dialup lines. He also wrote the initial version of this man page. Serge later on wrote a basic implementation for PAP and CHAP, which served as the base for the current implementation, done again by Joerg Wunsch.

Reyk Floeter implemented sppp support for ifconfig(8) in OpenBSD 4.0 in order to remove the original ‘spppcontrol’ utility, which was previously used to configure and display the sppp settings.

BUGS

Many.

Negotiation loop avoidance is not fully implemented. If the negotiation doesn't converge, this can cause an endless loop.

The various parameters that should be adjustable per RFC 1661 are currently hard-coded into the kernel, and should be made accessible through ifconfig(8).

Passive mode has not been tested extensively.

More NCPs should be implemented, as well as other control protocols for authentication and link quality reporting.

IPCP should support VJ header compression.

Link-level compression protocols should be supported.