PPP and Link Control
sppp network layer implements the
state machine and Link Control Protocol (LCP) of the Point-to-Point Protocol
(PPP) as described in RFC 1661. Note that this layer does not provide
network interfaces of its own, it is rather intended to be layered on top of
drivers providing a point-to-point connection that wish to run a PPP stack
over it. The corresponding network interfaces have to be provided by these
sppp layer provides three basic modes
of operation. The default mode, with no special flags set, is to create the
PPP connection (administrative Open event to the LCP
layer) as soon as the interface is taken up with the
ifconfig(8) command. Taking the interface down again will terminate
the LCP layer and thus all other layers on top. The link will also terminate
itself as soon as no Network Control Protocol (NCP) is open anymore,
indicating that the lower layers are no longer needed.
Setting the link-level flag
ifconfig(8) will cause the respective network interface to go into
This means the administrative Open event to the LCP layer
will be delayed until after the lower layers signal an Up
event (rise of “carrier”). This can be used by the lower
layers to support a dial-in connection where the physical layer isn't
available immediately at startup, but only after some external event
arrives. Receipt of a Down event from the lower layer will
not take the interface completely down in this case.
Finally, setting the flag
link1 will cause the interface to operate in
mode. This is also only useful if the lower layers support the notion of a
carrier (like with an ISDN line). Upon configuring the respective interface,
it will delay the administrative Open event to the LCP
layer until either an outbound network packet arrives, or until the lower
layers signal an Up event, indicating an inbound
connection. As with passive mode, receipt of a Down event
(loss of carrier) will not automatically take the interface down, thus it
remains available for further connections.
sppp layer supports the
flag, which can be set with
ifconfig(8). If this flag is set, the various control protocol
packets being exchanged as well as the option negotiation between both ends
of the link will be logged at level
can be helpful to examine configuration problems during the first attempts
to set up a new configuration. Without this flag being set, only the major
phase transitions will be logged at level
It is possible to leave the local interface IP address open for negotiation by setting it to 0.0.0.0. This requires that the remote peer can correctly supply a value for it based on the identity of the caller, or on the remote address supplied by this side. Due to the way the IPCP option negotiation works, this address is supplied late during the negotiation, which could cause the remote peer to make false assumptions.
In a similar spirit the remote address can be set to the magical
value 0.0.0.1, which means that we don't care what address the remote side
will use, as long as it is not 0.0.0.0. This is useful if your ISP has
several dial-in servers. You can of course
something or other 0.0.0.1 and it will do exactly what you would want
The PAP and CHAP authentication protocols, as described in RFCs 1334 and 1994, respectively, are also implemented. Their parameters are controlled by the ifconfig(8) utility.
Display the settings for pppoe0. The interface is currently in the
phase and tries to connect to the remote peer; other possible PPP phases are
Both ends of the connection use the CHAP protocol, the local client tells
the remote peer the system name
uriah’, and the peer is expected to
authenticate by the name ‘
Once the initial CHAP handshake has been successful, no further CHAP
challenges will be transmitted. There are supposedly some known CHAP secrets
for both ends of the link which are not displayed.
$ ifconfig pppoe0 pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492 dev: em0 state: PADI sent sid: 0x0 PADI retries: 0 PADR retries: 0 sppp: phase establish authproto chap authname "uriah" \ peerproto chap peername "ifb-gw" norechallenge groups: pppoe inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff
A possible call to ifconfig(8) that could have been used to bring the interface into the state shown by the previous example:
# ifconfig em0 up # ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff \ pppoedev em0 \ authproto chap authname uriah authkey "some secret" \ peerproto chap peername "ifb-gw" peerkey "another" \ peerflag norechallenge \ up
- <ifname><ifnum>: <proto> illegal <event> in state <statename>
- An event happened that should not happen for the current state the respective control protocol is in. See RFC 1661 for a description of the state automaton.
- <ifname><ifnum>: loopback
- The state automaton detected a line loopback (that is, it was talking with itself). The interface will be temporarily disabled.
- <ifname><ifnum>: up
- The LCP layer is running again, after a line loopback had previously been detected.
- <ifname><ifnum>: down
- The keepalive facility detected the line being unresponsive. Keepalive must be explicitly requested by the lower layers in order to take place.
inet(4), pppoe(4), ifconfig(8)
G. McGregor, The PPP Internet Protocol Control Protocol (IPCP), RFC 1332, May 1992.
B. Lloyd and W. Simpson, PPP Authentication Protocols, RFC 1334, October 1992.
W. Simpson, The Point-to-Point Protocol (PPP), RFC 1661, July 1994.
W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994, August 1996.
S. Varada, D. Haskins, and E. Allen, IP Version 6 over PPP, RFC 5072, September 2007.
The original implementation of
written in 1994 at Cronyx Ltd., Moscow, by Serge
rewrote a large part in 1997 in order to fully implement the state machine
as described in RFC 1661, so it could also be used for dialup lines. He also
wrote the initial version of this man page. Serge later on wrote a basic
implementation for PAP and CHAP, which served as the base for the current
implementation, done again by Joerg Wunsch.
Reyk Floeter implemented
sppp support for
ifconfig(8) in OpenBSD 4.0 in order to remove
the original ‘
which was previously used to configure and display the
Negotiation loop avoidance is not fully implemented. If the negotiation doesn't converge, this can cause an endless loop.
The various parameters that should be adjustable per RFC 1661 are currently hard-coded into the kernel, and should be made accessible through ifconfig(8).
Passive mode has not been tested extensively.
More NCPs should be implemented, as well as other control protocols for authentication and link quality reporting.
IPCP should support VJ header compression.
Link-level compression protocols should be supported.