-rw-r--r-- | sbin/ifconfig/ifconfig.8 | 91 | ||||
-rw-r--r-- | sbin/ifconfig/ifconfig.c | 215 | ||||
-rw-r--r-- | share/man/man4/pppoe.4 | 16 | ||||
-rw-r--r-- | share/man/man4/sppp.4 | 67 |
4 files changed, 368 insertions, 21 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index 71577371e3a..943d5cd1f3f 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.119 2006/04/12 14:15:03 aanriot Exp $ +.\" $OpenBSD: ifconfig.8,v 1.120 2006/05/17 03:29:55 reyk Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -87,6 +87,36 @@ .Cm pppoeac .Ar access-concentrator .Oc +.Nm +.Ar sppp-interface +.Oo +.Cm authproto +.Ar proto +.Oc +.Oo +.Cm authname +.Ar name +.Oc +.Oo +.Cm authkey +.Ar key +.Oc +.Oo +.Cm peerproto +.Ar proto +.Oc +.Oo +.Cm peername +.Ar name +.Oc +.Oo +.Cm peerkey +.Ar key +.Oc +.Oo +.Oo Fl Oc Ns Cm peerflag +.Ar flag +.Oc .Nm ifconfig .Ar trunk-interface .Oo @@ -314,6 +344,23 @@ Internet addresses and Ethernet addresses. .It Fl arp Disable the use of ARP. +.It Cm authproto Ar proto +(PPP devices only) +Set the PPP authentication protocol on the specified +.Xr sppp 4 +interface acting as a client. +The protocol name can be either +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, authentication will be turned off. +.It Cm authname +(PPP devices only) +Set the client name for the PPP authentication protocol. +.It Cm authkey +(PPP devices only) +Set the client key or password for the PPP authentication protocol. .It Cm broadcast Ar addr (inet only) Specify the address to use to represent broadcasts to the 
@@ -598,6 +645,45 @@ If the driver is a pseudo-device, set the authentication key to .Ar passphrase . There is no passphrase by default. +.It Cm peerflag Ar flag +(PPP devices only) +Set a specified PPP flag for the remote authenticator. +The flag name can be either +.Ql callin +or +.Ql norechallenge . +The +.Ql callin +flag will require the remote peer to authenticate only when he's +calling in, but not when the peer is called by the local client. +This is required for some peers that do not implement the +authentication protocols symmetrically. +The +.Ql norechallenge +flag is only meaningful with the CHAP protocol to not re-challenge +once the the initial CHAP handshake was successful. +This is used to work around broken peer implementations that can't +grok being re-challenged once the connection is up. +.It Fl peerflag Ar flag +(PPP devices only) +Remove a specified PPP flag for the remote authenticator. +.It Cm peerproto Ar proto +(PPP devices only) +Set the PPP authentication protocol on the specified +.Xr sppp 4 +interface acting as an authenticator. +The protocol name can be either +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, authentication will be turned off. +.It Cm peername +(PPP devices only) +Set the authenticator name for the PPP authentication protocol. +.It Cm peerkey +(PPP devices only) +Set the authenticator key or password for the PPP authentication protocol. .It Cm phase Ar n The argument .Ar n @@ -678,7 +764,7 @@ traffic can be protected using .Xr ipsec 4 . .It Fl syncpeer If the driver is a -.Xr pfsync 4 +.Xr pfsync 4;5A pseudo-device, broadcast the packets using multicast. .It Cm tentative (inet6 only) @@ -878,6 +964,7 @@ tried to alter an interface's configuration. .Xr ppp 4 , .Xr pppoe 4 , .Xr sl 4 , +.Xr sppp 4 , .Xr trunk 4 , .Xr tun 4 , .Xr vlan 4 , diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index a33454c2e31..634af6f08a7 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c 
@@ -1,4 +1,4 @@
-/* $OpenBSD: ifconfig.c,v 1.159 2006/03/23 14:20:09 mcbride Exp $ */
+/* $OpenBSD: ifconfig.c,v 1.160 2006/05/17 03:29:55 reyk Exp $ */
 /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
 /*
@@ -88,6 +88,8 @@
 #include <net/if_pfsync.h>
 #include <net/if_pppoe.h>
 #include <net/if_trunk.h>
+#include <net/if_sppp.h>
+#include <net/ppp_defs.h>
 #include <netatalk/at.h>
@@ -207,6 +209,17 @@ void setpppoe_dev(const char *,int);
 void setpppoe_svc(const char *,int);
 void setpppoe_ac(const char *,int);
 void pppoe_status(void);
+void setspppproto(const char *, int);
+void setspppname(const char *, int);
+void setspppkey(const char *, int);
+void setsppppeerproto(const char *, int);
+void setsppppeername(const char *, int);
+void setsppppeerkey(const char *, int);
+void setsppppeerflag(const char *, int);
+void unsetsppppeerflag(const char *, int);
+void spppinfo(struct spppreq *);
+void sppp_status(void);
+void sppp_printproto(const char *, struct sauth *);
 void settrunkport(const char *, int);
 void unsettrunkport(const char *, int);
 void settrunkproto(const char *, int);
@@ -328,6 +341,14 @@ const struct cmd {
 { "trunkport", NEXTARG, 0, settrunkport },
 { "-trunkport", NEXTARG, 0, unsettrunkport },
 { "trunkproto", NEXTARG, 0, settrunkproto },
+ { "authproto", NEXTARG, 0, setspppproto },
+ { "authname", NEXTARG, 0, setspppname },
+ { "authkey", NEXTARG, 0, setspppkey },
+ { "peerproto", NEXTARG, 0, setsppppeerproto },
+ { "peername", NEXTARG, 0, setsppppeername },
+ { "peerkey", NEXTARG, 0, setsppppeerkey },
+ { "peerflag", NEXTARG, 0, setsppppeerflag },
+ { "-peerflag", NEXTARG, 0, unsetsppppeerflag },
 #endif /* SMALL */
 #if 0 /* XXX `create' special-cased below */
@@ -2159,6 +2180,7 @@ status(int link, struct sockaddr_dl *sdl)
 pfsync_status();
 pppoe_status();
 timeslot_status();
+ sppp_status();
 trunk_status();
 #endif
 getifgroups();
@@ -3269,6 +3291,188 @@ setpppoe_ac(const char *val, int d)
 }
 void
+spppinfo(struct spppreq *spr)
+{
+ bzero(spr, sizeof(struct spppreq));
+
+ ifr.ifr_data = (caddr_t)spr;
+ spr->cmd = (int)SPPPIOGDEFS;
+ if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1)
+ err(1, "SIOCGIFGENERIC(SPPPIOGDEFS)");
+}
+
+void
+setspppproto(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+
+ spppinfo(&spr);
+ auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth;
+ if (strcmp(val, "pap") == 0)
+ auth->proto = PPP_PAP;
+ else if (strcmp(val, "chap") == 0)
+ auth->proto = PPP_CHAP;
+ else if (strcmp(val, "none") == 0)
+ auth->proto = 0;
+ else
+ errx(1, "setpppproto");
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+setsppppeerproto(const char *val, int d)
+{
+ setspppproto(val, 1);
+}
+
+void
+setspppname(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+
+ spppinfo(&spr);
+ auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth;
+ if (auth->proto == 0)
+ errx(1, "unspecified protocol");
+ if (strlcpy((char *)auth->name, val, AUTHNAMELEN) >= AUTHNAMELEN)
+ errx(1, "setspppname");
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+setsppppeername(const char *val, int d)
+{
+ setspppname(val, 1);
+}
+
+void
+setspppkey(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+
+ spppinfo(&spr);
+ auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth;
+ if (auth->proto == 0)
+ errx(1, "unspecified protocol");
+ if (strlcpy((char *)auth->secret, val, AUTHKEYLEN) >= AUTHKEYLEN)
+ errx(1, "setspppname");
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+setsppppeerkey(const char *val, int d)
+{
+ setspppkey(val, 1);
+}
+
+void
+setsppppeerflag(const char *val, int d)
+{
+ struct spppreq spr;
+ struct sauth *auth;
+ int flag;
+
+ spppinfo(&spr);
+ auth = &spr.defs.hisauth;
+ if (auth->proto == 0)
+ errx(1, "unspecified protocol");
+ if (strcmp(val, "callin") == 0)
+ flag = AUTHFLAG_NOCALLOUT;
+ else if (strcmp(val, "norechallenge") == 0)
+ flag = AUTHFLAG_NORECHALLENGE;
+ else
+ errx(1, "setppppeerflags");
+
+ if (d)
+ auth->flags &= ~flag;
+ else
+ auth->flags |= flag;
+
+ spr.cmd = (int)SPPPIOSDEFS;
+ if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+ err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+}
+
+void
+unsetsppppeerflag(const char *val, int d)
+{
+ setsppppeerflag(val, 1);
+}
+
+void
+sppp_printproto(const char *name, struct sauth *auth)
+{
+ if (auth->proto == 0)
+ return;
+ printf("%sproto ", name);
+ switch (auth->proto) {
+ case PPP_PAP:
+ printf("pap ");
+ break;
+ case PPP_CHAP:
+ printf("chap ");
+ break;
+ default:
+ printf("0x%04x ", auth->proto);
+ break;
+ }
+ printf("%sname \"%.*s\" ", name, AUTHNAMELEN, auth->name);
+}
+
+void
+sppp_status(void)
+{
+ struct spppreq spr;
+
+ bzero(&spr, sizeof(spr));
+
+ ifr.ifr_data = (caddr_t)&spr;
+ spr.cmd = (int)SPPPIOGDEFS;
+ if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1)
+ return;
+ if (spr.defs.pp_phase == PHASE_DEAD)
+ return;
+ printf("\tsppp: phase ");
+ switch (spr.defs.pp_phase) {
+ case PHASE_ESTABLISH:
+ printf("establish ");
+ break;
+ case PHASE_TERMINATE:
+ printf("terminate ");
+ break;
+ case PHASE_AUTHENTICATE:
+ printf("authenticate ");
+ break;
+ case PHASE_NETWORK:
+ printf("network ");
+ break;
+ default:
+ printf("illegal ");
+ break;
+ }
+
+ sppp_printproto("auth", &spr.defs.myauth);
+ sppp_printproto("peer", &spr.defs.hisauth);
+ if (spr.defs.hisauth.flags & AUTHFLAG_NOCALLOUT)
+ printf("callin ");
+ if (spr.defs.hisauth.flags & AUTHFLAG_NORECHALLENGE)
+ printf("norechallenge ");
+ putchar('\n');
+}
+
+void
 settrunkport(const char *val, int d)
 {
 struct trunk_reqport rp;
@@ -3332,7 +3536,7 @@ trunk_status(void)
 strlcpy(rp.rp_ifname, name, sizeof(rp.rp_ifname));
 strlcpy(rp.rp_portname, name, sizeof(rp.rp_portname));
-
+
 if (ioctl(s, SIOCGTRUNKPORT, &rp) == 0)
 isport = 1;
@@ -3580,7 +3784,8 @@ void
 usage(int value)
 {
 fprintf(stderr,
- "usage: ifconfig [interface] [address_family] [address [dest_address]]\n"
+ "usage: ifconfig "
+ "[interface] [address_family] [address [dest_address]]\n"
 "\t[[-]alias] [[-]arp] [broadcast addr]\n"
 "\t[[-]debug] [delete] [up] [down] [ipdst addr]\n"
 "\t[tunnel src_address dest_address] [deletetunnel]\n"
@@ -3602,7 +3807,9 @@ usage(int value)
 "\t[phase n] [range netrange] [timeslot timeslot_range]\n"
 "\t[802.2] [802.2tr] [802.3] [snap] [EtherII]\n"
 "\t[pppoeac access-concentrator] [-pppoeac]\n"
- "\t[pppoesvc service] [-pppoesvc]\n"
+ "\t[pppoesvc service] [-pppoesvc] [authproto proto]\n"
+ "\t[authname name] [authkey key] [peerproto proto]\n"
+ "\t[peername name] [peerkey key] [[-]peerflag flag]\n"
 " ifconfig [-AaCMm] [interface] [address_family]\n"
 " ifconfig interface create\n"
 " ifconfig interface destroy\n");
diff --git a/share/man/man4/pppoe.4 b/share/man/man4/pppoe.4
index 8ba8faba84e..1d2a734cbd8 100644
--- a/share/man/man4/pppoe.4
+++ b/share/man/man4/pppoe.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pppoe.4,v 1.7 2005/10/06 15:30:50 jmc Exp $
+.\" $OpenBSD: pppoe.4,v 1.8 2006/05/17 03:29:55 reyk Exp $
 .\" $NetBSD: pppoe.4,v 1.26 2003/10/02 07:06:36 wiz Exp $
 .\"
 .\" Copyright (c) 2002 The NetBSD Foundation, Inc.
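Review bot: In the `@@ -3269,6 +3291,188 @@` hunk, setspppkey() rejects an over-long key with `errx(1, "setspppname")`, a message copied from setspppname(), so a bad `authkey`/`peerkey` is reported under the wrong name; something like `errx(1, "authkey: key too long")` would say what failed, and the bare `"setpppproto"` and `"setppppeerflags"` messages would likewise be more useful if they echoed the rejected value. The key is copied into the on-stack `struct spppreq` and left there on return; `explicit_bzero(&spr, sizeof(spr));` after the SPPPIOSDEFS ioctl would clear it. Because the key is taken from argv it is also readable in the process list while ifconfig runs, which is worth a caveat in the man page. sppp_status() prints only the names, but the hunk does not show whether the kernel blanks `secret` in the SPPPIOGDEFS reply, so that should be confirmed if status can be queried without privilege.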
@@ -93,7 +93,7 @@ As noted above it must be marked UP, but need not have an IP address. Configure authentication. The PPP session needs to identify the client to the peer. For more details on the available options see -.Xr spppcontrol 8 . +.Xr ifconfig 8 . .El .Pp This all is typically accomplished using an @@ -104,13 +104,9 @@ A typical .Pa /etc/hostname.pppoe0 file looks like this: .Bd -literal -offset indent -pppoedev ne0 -!/sbin/ifconfig ne0 up -!/usr/sbin/spppcontrol \e$if myauthproto=pap myauthname=testcaller \e - myauthkey=donttell -!/sbin/ifconfig \e$if inet 0.0.0.0 0.0.0.1 netmask 0xffffffff +inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev ne0 \e + authproto pap authname testcaller authkey donttell up !/sbin/route add default 0.0.0.1 -up .Ed .Pp Since this is a PPP interface, the addresses assigned to the interface @@ -238,7 +234,7 @@ for more information on MTU, MSS, and NAT. .Xr ifconfig 8 , .Xr ppp 8 , .Xr pppoe 8 , -.Xr spppcontrol 8 +.Xr sppp 4 .Rs .%R RFC 2516 .%T A Method for Transmitting PPP Over Ethernet (PPPoE) @@ -253,7 +249,7 @@ device first appeared in This implementation is client side only. .Pp It is important to specify -.Dq Li netmask 0xffffffff +.Dq Li netmask 255.255.255.255 to .Xr ifconfig 8 . If the netmask is unspecified, it will be set to 8 when 0.0.0.0 is diff --git a/share/man/man4/sppp.4 b/share/man/man4/sppp.4 index f9bb6562ea8..3cd97b8c211 100644 --- a/share/man/man4/sppp.4 +++ b/share/man/man4/sppp.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sppp.4,v 1.9 2003/05/05 13:51:58 jmc Exp $ +.\" $OpenBSD: sppp.4,v 1.10 2006/05/17 03:29:55 reyk Exp $ .\" .\" Copyright (c) 1997 Joerg Wunsch .\" @@ -137,7 +137,7 @@ and it will do exactly what you would want it to. The PAP and CHAP authentication protocols as described in RFC 1334, and RFC 1994 resp., are also implemented. Their parameters are being controlled by the -.Xr spppcontrol 8 +.Xr ifconfig 8 utility. .Sh DIAGNOSTICS .Bl -diag 
@@ -157,11 +157,54 @@ The keepalive facility detected the line being unresponsive. Keepalive must be explicitly requested by the lower layers in order to take place. .El +.Sh EXAMPLES +Display the settings for pppoe0. +The interface is currently in the +.Em establish +phase and tries to connect to the remote peer, +other possible PPP phases are +.Em dead , +.Em authenticate , +.Em network , +or +.Em terminate . +Both ends of the connection use the CHAP protocol, the local client +tells the remote peer the system name +.Ql uriah , +and the peer is expected to authenticate by the name +.Ql ifb-gw . +Once the initial CHAP handshake was successful, no further CHAP +challenges will be transmitted. +There are supposedly some known CHAP secrets for both ends of the link +which are not displayed. +.Bd -literal -offset indent +$ ifconfig pppoe0 +pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492 + dev: em0 state: PADI sent + sid: 0x0 PADI retries: 0 PADR retries: 0 + sppp: phase establish authproto chap authname "uriah" \e + peerproto chap peername "ifb-gw" norechallenge + groups: pppoe + inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff +.Ed +.Pp +A possible call to +.Xr ifconfig 8 +that could have been used to bring the interface into the state shown +by the previous example: +.Bd -literal -offset indent +# ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff \e + pppoedev em0 \e + authproto chap authname uriah authkey "some secret" \e + peerproto chap peername "ifb-gw" peerkey "another" \e + peerflag norechallenge \e + up +.Ed .Sh SEE ALSO .Xr inet 4 , .Xr ifconfig 8 , .Xr ppp 8 , -.Xr spppcontrol 8 +.Xr pppoe 4 .Rs .%A W. Simpson, Editor .%T "The Point-to-Point Protocol (PPP)" 
@@ -193,11 +236,25 @@ was written in 1994 at Cronyx Ltd., Moscow by rewrote a large part in 1997 in order to fully implement the state machine as described in RFC 1661, so it could also be used for dialup lines. -He also wrote this man page. +He also wrote the initial version of this man page. Serge later on wrote a basic implementation for PAP and CHAP, which served as the base for the current implementation, done again by .ie t J\(:org Wunsch. .el Joerg Wunsch. +.Pp +.ie t Reyk Fl\(:oter +.el Reyk Floeter +implemented +.Nm +support for +.Xr ifconfig 8 +in +.Ox 4.0 +in order to remove the original +.Ql spppcontrol +utility, which has been previously used to configure and display the +.Nm +settings. .Sh BUGS Many. .Pp @@ -213,7 +270,7 @@ If the negotiation doesn't converge, this can cause an endless loop. The various parameters that should be adjustable per RFC 1661 are currently hard-coded into the kernel, and should be made accessible through -.Xr spppcontrol 8 . +.Xr ifconfig 8 . .Pp .Em Passive mode has not been tested extensively. |