authorReyk Floeter <reyk@cvs.openbsd.org>2006-05-17 03:29:56 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2006-05-17 03:29:56 +0000
commita807f14a489dbde079bbf3334b1fc6935ef23a3f (patch)
tree5ba13f8d4e0d4ae31bdad5d61443daac642024b9
parent1f1fdb3d9dccd95363baefa04b041bcfd621c85e (diff)
implement support for sppp(4) in ifconfig. have a look at the updated
manual pages pppoe(4) and sppp(4) for examples. the spppcontrol(8) utility is not required anymore and will probably be removed in the near future. ok deraadt@
-rw-r--r--sbin/ifconfig/ifconfig.891
-rw-r--r--sbin/ifconfig/ifconfig.c215
-rw-r--r--share/man/man4/pppoe.416
-rw-r--r--share/man/man4/sppp.467
4 files changed, 368 insertions, 21 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index 71577371e3a..943d5cd1f3f 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ifconfig.8,v 1.119 2006/04/12 14:15:03 aanriot Exp $
+.\" $OpenBSD: ifconfig.8,v 1.120 2006/05/17 03:29:55 reyk Exp $
.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
.\"
@@ -87,6 +87,36 @@
.Cm pppoeac
.Ar access-concentrator
.Oc
+.Nm
+.Ar sppp-interface
+.Oo
+.Cm authproto
+.Ar proto
+.Oc
+.Oo
+.Cm authname
+.Ar name
+.Oc
+.Oo
+.Cm authkey
+.Ar key
+.Oc
+.Oo
+.Cm peerproto
+.Ar proto
+.Oc
+.Oo
+.Cm peername
+.Ar name
+.Oc
+.Oo
+.Cm peerkey
+.Ar key
+.Oc
+.Oo
+.Oo Fl Oc Ns Cm peerflag
+.Ar flag
+.Oc
.Nm ifconfig
.Ar trunk-interface
.Oo
@@ -314,6 +344,23 @@ Internet
addresses and Ethernet addresses.
.It Fl arp
Disable the use of ARP.
+.It Cm authproto Ar proto
+(PPP devices only)
+Set the PPP authentication protocol on the specified
+.Xr sppp 4
+interface acting as a client.
+The protocol name can be either
+.Ql chap ,
+.Ql pap ,
+or
+.Ql none .
+In the latter case, authentication will be turned off.
+.It Cm authname
+(PPP devices only)
+Set the client name for the PPP authentication protocol.
+.It Cm authkey
+(PPP devices only)
+Set the client key or password for the PPP authentication protocol.
.It Cm broadcast Ar addr
(inet only)
Specify the address to use to represent broadcasts to the
@@ -598,6 +645,45 @@ If the driver is a
pseudo-device, set the authentication key to
.Ar passphrase .
There is no passphrase by default.
+.It Cm peerflag Ar flag
+(PPP devices only)
+Set a specified PPP flag for the remote authenticator.
+The flag name can be either
+.Ql callin
+or
+.Ql norechallenge .
+The
+.Ql callin
+flag will require the remote peer to authenticate only when he's
+calling in, but not when the peer is called by the local client.
+This is required for some peers that do not implement the
+authentication protocols symmetrically.
+The
+.Ql norechallenge
+flag is only meaningful with the CHAP protocol to not re-challenge
+once the the initial CHAP handshake was successful.
+This is used to work around broken peer implementations that can't
+grok being re-challenged once the connection is up.
+.It Fl peerflag Ar flag
+(PPP devices only)
+Remove a specified PPP flag for the remote authenticator.
+.It Cm peerproto Ar proto
+(PPP devices only)
+Set the PPP authentication protocol on the specified
+.Xr sppp 4
+interface acting as an authenticator.
+The protocol name can be either
+.Ql chap ,
+.Ql pap ,
+or
+.Ql none .
+In the latter case, authentication will be turned off.
+.It Cm peername
+(PPP devices only)
+Set the authenticator name for the PPP authentication protocol.
+.It Cm peerkey
+(PPP devices only)
+Set the authenticator key or password for the PPP authentication protocol.
.It Cm phase Ar n
The argument
.Ar n
@@ -678,7 +764,7 @@ traffic can be protected using
.Xr ipsec 4 .
.It Fl syncpeer
If the driver is a
-.Xr pfsync 4
+.Xr pfsync 4;5A
pseudo-device, broadcast the packets using multicast.
.It Cm tentative
(inet6 only)
@@ -878,6 +964,7 @@ tried to alter an interface's configuration.
.Xr ppp 4 ,
.Xr pppoe 4 ,
.Xr sl 4 ,
+.Xr sppp 4 ,
.Xr trunk 4 ,
.Xr tun 4 ,
.Xr vlan 4 ,
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index a33454c2e31..634af6f08a7 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ifconfig.c,v 1.159 2006/03/23 14:20:09 mcbride Exp $ */
+/* $OpenBSD: ifconfig.c,v 1.160 2006/05/17 03:29:55 reyk Exp $ */
/* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
/*
@@ -88,6 +88,8 @@
#include <net/if_pfsync.h>
#include <net/if_pppoe.h>
#include <net/if_trunk.h>
+#include <net/if_sppp.h>
+#include <net/ppp_defs.h>
#include <netatalk/at.h>
@@ -207,6 +209,17 @@ void setpppoe_dev(const char *,int);
void setpppoe_svc(const char *,int);
void setpppoe_ac(const char *,int);
void pppoe_status(void);
+void setspppproto(const char *, int);
+void setspppname(const char *, int);
+void setspppkey(const char *, int);
+void setsppppeerproto(const char *, int);
+void setsppppeername(const char *, int);
+void setsppppeerkey(const char *, int);
+void setsppppeerflag(const char *, int);
+void unsetsppppeerflag(const char *, int);
+void spppinfo(struct spppreq *);
+void sppp_status(void);
+void sppp_printproto(const char *, struct sauth *);
void settrunkport(const char *, int);
void unsettrunkport(const char *, int);
void settrunkproto(const char *, int);
@@ -328,6 +341,14 @@ const struct cmd {
{ "trunkport", NEXTARG, 0, settrunkport },
{ "-trunkport", NEXTARG, 0, unsettrunkport },
{ "trunkproto", NEXTARG, 0, settrunkproto },
+ { "authproto", NEXTARG, 0, setspppproto },
+ { "authname", NEXTARG, 0, setspppname },
+ { "authkey", NEXTARG, 0, setspppkey },
+ { "peerproto", NEXTARG, 0, setsppppeerproto },
+ { "peername", NEXTARG, 0, setsppppeername },
+ { "peerkey", NEXTARG, 0, setsppppeerkey },
+ { "peerflag", NEXTARG, 0, setsppppeerflag },
+ { "-peerflag", NEXTARG, 0, unsetsppppeerflag },
#endif /* SMALL */
#if 0
/* XXX `create' special-cased below */
@@ -2159,6 +2180,7 @@ status(int link, struct sockaddr_dl *sdl)
pfsync_status();
pppoe_status();
timeslot_status();
+ sppp_status();
trunk_status();
#endif
getifgroups();
@@ -3269,6 +3291,188 @@ setpppoe_ac(const char *val, int d)
}
void
+spppinfo(struct spppreq *spr)
+{
+ bzero(spr, sizeof(struct spppreq));
+
+ ifr.ifr_data = (caddr_t)spr;
+ spr->cmd = (int)SPPPIOGDEFS;
+ if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1)
+ err(1, "SIOCGIFGENERIC(SPPPIOGDEFS)");
+}
+
+void
+setspppproto(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+
+ spppinfo(&spr);
+ auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth;
+ if (strcmp(val, "pap") == 0)
+ auth->proto = PPP_PAP;
+ else if (strcmp(val, "chap") == 0)
+ auth->proto = PPP_CHAP;
+ else if (strcmp(val, "none") == 0)
+ auth->proto = 0;
+ else
+ errx(1, "setpppproto");
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+setsppppeerproto(const char *val, int d)
+{
+ setspppproto(val, 1);
+}
+
+void
+setspppname(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+
+ spppinfo(&spr);
+ auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth;
+ if (auth->proto == 0)
+ errx(1, "unspecified protocol");
+ if (strlcpy((char *)auth->name, val, AUTHNAMELEN) >= AUTHNAMELEN)
+ errx(1, "setspppname");
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+setsppppeername(const char *val, int d)
+{
+ setspppname(val, 1);
+}
+
+void
+setspppkey(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+
+ spppinfo(&spr);
+ auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth;
+ if (auth->proto == 0)
+ errx(1, "unspecified protocol");
+ if (strlcpy((char *)auth->secret, val, AUTHKEYLEN) >= AUTHKEYLEN)
+ errx(1, "setspppname");
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+setsppppeerkey(const char *val, int d)
+{
+ setspppkey(val, 1);
+}
+
+void
+setsppppeerflag(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+ int flag;
+
+ spppinfo(&spr);
+ auth = &spr.defs.hisauth;
+ if (auth->proto == 0)
+ errx(1, "unspecified protocol");
+ if (strcmp(val, "callin") == 0)
+ flag = AUTHFLAG_NOCALLOUT;
+ else if (strcmp(val, "norechallenge") == 0)
+ flag = AUTHFLAG_NORECHALLENGE;
+ else
+ errx(1, "setppppeerflags");
+
+ if (d)
+ auth->flags &= ~flag;
+ else
+ auth->flags |= flag;
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+unsetsppppeerflag(const char *val, int d)
+{
+ setsppppeerflag(val, 1);
+}
+
+void
+sppp_printproto(const char *name, struct sauth *auth)
+{
+ if (auth->proto == 0)
+ return;
+ printf("%sproto ", name);
+ switch (auth->proto) {
+ case PPP_PAP:
+ printf("pap ");
+ break;
+ case PPP_CHAP:
+ printf("chap ");
+ break;
+ default:
+ printf("0x%04x ", auth->proto);
+ break;
+ }
+ printf("%sname \"%.*s\" ", name, AUTHNAMELEN, auth->name);
+}
+
+void
+sppp_status(void)
+{
+ struct spppreq spr;
+
+ bzero(&spr, sizeof(spr));
+
+ ifr.ifr_data = (caddr_t)&spr;
+ spr.cmd = (int)SPPPIOGDEFS;
+ if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1)
+ return;
+ if (spr.defs.pp_phase == PHASE_DEAD)
+ return;
+ printf("\tsppp: phase ");
+ switch (spr.defs.pp_phase) {
+ case PHASE_ESTABLISH:
+ printf("establish ");
+ break;
+ case PHASE_TERMINATE:
+ printf("terminate ");
+ break;
+ case PHASE_AUTHENTICATE:
+ printf("authenticate ");
+ break;
+ case PHASE_NETWORK:
+ printf("network ");
+ break;
+ default:
+ printf("illegal ");
+ break;
+ }
+
+ sppp_printproto("auth", &spr.defs.myauth);
+ sppp_printproto("peer", &spr.defs.hisauth);
+ if (spr.defs.hisauth.flags & AUTHFLAG_NOCALLOUT)
+ printf("callin ");
+ if (spr.defs.hisauth.flags & AUTHFLAG_NORECHALLENGE)
+ printf("norechallenge ");
+ putchar('\n');
+}
+
+void
settrunkport(const char *val, int d)
{
struct trunk_reqport rp;
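Review bot: setspppkey() copies the PAP/CHAP secret straight from `val`, which is the command-line argument, so the key is readable in the process argument list while ifconfig runs and in any hostname.if file that carries the `authkey` or `peerkey` keyword; nothing in the hunk says so. I would add above the function `/* val is the secret as given in argv; it is visible in the process listing, so files that carry it must not be readable by other users */`. In the same function the over-length case reports `errx(1, "setspppname")`, copied from setspppname(); `errx(1, "key too long");` names what was actually rejected. The bare function names passed to errx() in setspppproto() (`"setpppproto"`) and setsppppeerflag() (`"setppppeerflags"`) have the same problem and would read better as, for example, `errx(1, "unknown protocol: %s", val);` and `errx(1, "unknown peer flag: %s", val);`.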
@@ -3332,7 +3536,7 @@ trunk_status(void)
strlcpy(rp.rp_ifname, name, sizeof(rp.rp_ifname));
strlcpy(rp.rp_portname, name, sizeof(rp.rp_portname));
-
+
if (ioctl(s, SIOCGTRUNKPORT, &rp) == 0)
isport = 1;
@@ -3580,7 +3784,8 @@ void
usage(int value)
{
fprintf(stderr,
- "usage: ifconfig [interface] [address_family] [address [dest_address]]\n"
+ "usage: ifconfig "
+ "[interface] [address_family] [address [dest_address]]\n"
"\t[[-]alias] [[-]arp] [broadcast addr]\n"
"\t[[-]debug] [delete] [up] [down] [ipdst addr]\n"
"\t[tunnel src_address dest_address] [deletetunnel]\n"
@@ -3602,7 +3807,9 @@ usage(int value)
"\t[phase n] [range netrange] [timeslot timeslot_range]\n"
"\t[802.2] [802.2tr] [802.3] [snap] [EtherII]\n"
"\t[pppoeac access-concentrator] [-pppoeac]\n"
- "\t[pppoesvc service] [-pppoesvc]\n"
+ "\t[pppoesvc service] [-pppoesvc] [authproto proto]\n"
+ "\t[authname name] [authkey key] [peerproto proto]\n"
+ "\t[peername name] [peerkey key] [[-]peerflag flag]\n"
" ifconfig [-AaCMm] [interface] [address_family]\n"
" ifconfig interface create\n"
" ifconfig interface destroy\n");
diff --git a/share/man/man4/pppoe.4 b/share/man/man4/pppoe.4
index 8ba8faba84e..1d2a734cbd8 100644
--- a/share/man/man4/pppoe.4
+++ b/share/man/man4/pppoe.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pppoe.4,v 1.7 2005/10/06 15:30:50 jmc Exp $
+.\" $OpenBSD: pppoe.4,v 1.8 2006/05/17 03:29:55 reyk Exp $
.\" $NetBSD: pppoe.4,v 1.26 2003/10/02 07:06:36 wiz Exp $
.\"
.\" Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -93,7 +93,7 @@ As noted above it must be marked UP, but need not have an IP address.
Configure authentication.
The PPP session needs to identify the client to the peer.
For more details on the available options see
-.Xr spppcontrol 8 .
+.Xr ifconfig 8 .
.El
.Pp
This all is typically accomplished using an
@@ -104,13 +104,9 @@ A typical
.Pa /etc/hostname.pppoe0
file looks like this:
.Bd -literal -offset indent
-pppoedev ne0
-!/sbin/ifconfig ne0 up
-!/usr/sbin/spppcontrol \e$if myauthproto=pap myauthname=testcaller \e
- myauthkey=donttell
-!/sbin/ifconfig \e$if inet 0.0.0.0 0.0.0.1 netmask 0xffffffff
+inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev ne0 \e
+ authproto pap authname testcaller authkey donttell up
!/sbin/route add default 0.0.0.1
-up
.Ed
.Pp
Since this is a PPP interface, the addresses assigned to the interface
@@ -238,7 +234,7 @@ for more information on MTU, MSS, and NAT.
.Xr ifconfig 8 ,
.Xr ppp 8 ,
.Xr pppoe 8 ,
-.Xr spppcontrol 8
+.Xr sppp 4
.Rs
.%R RFC 2516
.%T A Method for Transmitting PPP Over Ethernet (PPPoE)
@@ -253,7 +249,7 @@ device first appeared in
This implementation is client side only.
.Pp
It is important to specify
-.Dq Li netmask 0xffffffff
+.Dq Li netmask 255.255.255.255
to
.Xr ifconfig 8 .
If the netmask is unspecified, it will be set to 8 when 0.0.0.0 is
diff --git a/share/man/man4/sppp.4 b/share/man/man4/sppp.4
index f9bb6562ea8..3cd97b8c211 100644
--- a/share/man/man4/sppp.4
+++ b/share/man/man4/sppp.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sppp.4,v 1.9 2003/05/05 13:51:58 jmc Exp $
+.\" $OpenBSD: sppp.4,v 1.10 2006/05/17 03:29:55 reyk Exp $
.\"
.\" Copyright (c) 1997 Joerg Wunsch
.\"
@@ -137,7 +137,7 @@ and it will do exactly what you would want it to.
The PAP and CHAP authentication protocols as described in RFC 1334,
and RFC 1994 resp., are also implemented.
Their parameters are being controlled by the
-.Xr spppcontrol 8
+.Xr ifconfig 8
utility.
.Sh DIAGNOSTICS
.Bl -diag
@@ -157,11 +157,54 @@ The keepalive facility detected the line being unresponsive.
Keepalive must be explicitly requested by the lower layers in order to
take place.
.El
+.Sh EXAMPLES
+Display the settings for pppoe0.
+The interface is currently in the
+.Em establish
+phase and tries to connect to the remote peer,
+other possible PPP phases are
+.Em dead ,
+.Em authenticate ,
+.Em network ,
+or
+.Em terminate .
+Both ends of the connection use the CHAP protocol, the local client
+tells the remote peer the system name
+.Ql uriah ,
+and the peer is expected to authenticate by the name
+.Ql ifb-gw .
+Once the initial CHAP handshake was successful, no further CHAP
+challenges will be transmitted.
+There are supposedly some known CHAP secrets for both ends of the link
+which are not displayed.
+.Bd -literal -offset indent
+$ ifconfig pppoe0
+pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
+ dev: em0 state: PADI sent
+ sid: 0x0 PADI retries: 0 PADR retries: 0
+ sppp: phase establish authproto chap authname "uriah" \e
+ peerproto chap peername "ifb-gw" norechallenge
+ groups: pppoe
+ inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff
+.Ed
+.Pp
+A possible call to
+.Xr ifconfig 8
+that could have been used to bring the interface into the state shown
+by the previous example:
+.Bd -literal -offset indent
+# ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff \e
+ pppoedev em0 \e
+ authproto chap authname uriah authkey "some secret" \e
+ peerproto chap peername "ifb-gw" peerkey "another" \e
+ peerflag norechallenge \e
+ up
+.Ed
.Sh SEE ALSO
.Xr inet 4 ,
.Xr ifconfig 8 ,
.Xr ppp 8 ,
-.Xr spppcontrol 8
+.Xr pppoe 4
.Rs
.%A W. Simpson, Editor
.%T "The Point-to-Point Protocol (PPP)"
@@ -193,11 +236,25 @@ was written in 1994 at Cronyx Ltd., Moscow by
rewrote a large part in 1997 in order
to fully implement the state machine as described in RFC 1661, so it
could also be used for dialup lines.
-He also wrote this man page.
+He also wrote the initial version of this man page.
Serge later on wrote a basic implementation for PAP and CHAP, which
served as the base for the current implementation, done again by
.ie t J\(:org Wunsch.
.el Joerg Wunsch.
+.Pp
+.ie t Reyk Fl\(:oter
+.el Reyk Floeter
+implemented
+.Nm
+support for
+.Xr ifconfig 8
+in
+.Ox 4.0
+in order to remove the original
+.Ql spppcontrol
+utility, which has been previously used to configure and display the
+.Nm
+settings.
.Sh BUGS
Many.
.Pp
@@ -213,7 +270,7 @@ If the negotiation doesn't converge, this can cause an endless loop.
The various parameters that should be adjustable per RFC 1661 are
currently hard-coded into the kernel, and should be made accessible
through
-.Xr spppcontrol 8 .
+.Xr ifconfig 8 .
.Pp
.Em Passive
mode has not been tested extensively.