SPPP(4) BSD Kernel Interfaces Manual SPPP(4)
sppp -- PPP and Link Control Protocol
pseudo-device sppp [count]
The sppp network layer implements the state machine and Link Control Pro-
tocol (LCP) of the Point-to-Point Protocol (PPP) as described in RFC
1661. Note that this layer does not provide network interfaces of its
own, it is rather intended to be layered on top of drivers providing a
point-to-point connection that wish to run a PPP stack over it. The cor-
responding network interfaces have to be provided by these hardware driv-
The sppp layer provides three basic modes of operation. The default
mode, with no special flags set, is to create the PPP connection (admin-
istrative Open event to the LCP layer) as soon as the interface is taken
up with the ifconfig(8) command. Taking the interface down again will
terminate the LCP layer and thus all other layers on top. The link will
also terminate itself as soon as no Network Control Protocol (NCP) is
open anymore, indicating that the lower layers are no longer needed.
Setting the link-level flag link0 with ifconfig(8) will cause the respec-
tive network interface to go into passive mode. This means the adminis-
trative Open event to the LCP layer will be delayed until after the lower
layers signal an Up event (rise of ``carrier''). This can be used by the
lower layers to support a dial-in connection where the physical layer
isn't available immediately at startup, but only after some external
event arrives. Receipt of a Down event from the lower layer will not
take the interface completely down in this case.
Finally, setting the flag link1 will cause the interface to operate in
dial-on-demand mode. This is also only useful if the lower layers sup-
port the notion of a carrier (like with an ISDN line). Upon configuring
the respective interface, it will delay the administrative Open event to
the LCP layer until either an outbound network packet arrives, or until
the lower layers signal an Up event, indicating an inbound connection.
As with passive mode, receipt of a Down event (loss of carrier) will not
automatically take the interface down, thus it remains available for fur-
The sppp layer supports the debug interface flag, which can be set with
ifconfig(8). If this flag is set, the various control protocol packets
being exchanged as well as the option negotiation between both ends of
the link will be logged at level LOG_DEBUG. This can be helpful to exam-
ine configuration problems during the first attempts to set up a new con-
figuration. Without this flag being set, only the major phase transi-
tions will be logged at level LOG_INFO.
It is possible to leave the local interface IP address open for negotia-
tion by setting it to 0.0.0.0. This requires that the remote peer can
correctly supply a value for it based on the identity of the caller, or
on the remote address supplied by this side. Due to the way the IPCP
option negotiation works, this address is supplied late during the nego-
tiation, which could cause the remote peer to make false assumptions.
In a similar spirit the remote address can be set to the magical value
0.0.0.1, which means that we don't care what address the remote side will
use, as long as it is not 0.0.0.0. This is useful if your ISP has sev-
eral dial-in servers. You can of course route add something or other
0.0.0.1 and it will do exactly what you would want it to.
The PAP and CHAP authentication protocols, as described in RFCs 1334 and
1994, respectively, are also implemented. Their parameters are con-
trolled by the ifconfig(8) utility.
Display the settings for pppoe0. The interface is currently in the
establish phase and tries to connect to the remote peer; other possible
PPP phases are dead, authenticate, network, or terminate. Both ends of
the connection use the CHAP protocol, the local client tells the remote
peer the system name 'uriah', and the peer is expected to authenticate by
the name 'ifb-gw'. Once the initial CHAP handshake has been successful,
no further CHAP challenges will be transmitted. There are supposedly
some known CHAP secrets for both ends of the link which are not dis-
$ ifconfig pppoe0
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
dev: em0 state: PADI sent
sid: 0x0 PADI retries: 0 PADR retries: 0
sppp: phase establish authproto chap authname "uriah" \
peerproto chap peername "ifb-gw" norechallenge
inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff
A possible call to ifconfig(8) that could have been used to bring the
interface into the state shown by the previous example:
# ifconfig em0 up
# ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff \
pppoedev em0 \
authproto chap authname uriah authkey "some secret" \
peerproto chap peername "ifb-gw" peerkey "another" \
peerflag norechallenge \
<<ifname>><<ifnum>>: <<proto>> illegal <<event>> in state <<statename>> An event
happened that should not happen for the current state the respective con-
trol protocol is in. See RFC 1661 for a description of the state automa-
<<ifname>><<ifnum>>: loopback The state automaton detected a line loopback
(that is, it was talking with itself). The interface will be temporarily
<<ifname>><<ifnum>>: up The LCP layer is running again, after a line loop-
back had previously been detected.
<<ifname>><<ifnum>>: down The keepalive facility detected the line being
unresponsive. Keepalive must be explicitly requested by the lower layers
in order to take place.
inet(4), pppoe(4), ifconfig(8)
G. McGregor, The PPP Internet Protocol Control Protocol (IPCP), RFC 1332,
B. Lloyd and W. Simpson, PPP Authentication Protocols, RFC 1334, October
W. Simpson, The Point-to-Point Protocol (PPP), RFC 1661, July 1994.
W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), RFC
1994, August 1996.
S. Varada, D. Haskins, and E. Allen, IP Version 6 over PPP, RFC 5072,
The original implementation of sppp was written in 1994 at Cronyx Ltd.,
Moscow, by Serge Vakulenko <firstname.lastname@example.org>. Joerg Wunsch
<email@example.com> rewrote a large part in 1997 in order to
fully implement the state machine as described in RFC 1661, so it could
also be used for dialup lines. He also wrote the initial version of this
man page. Serge later on wrote a basic implementation for PAP and CHAP,
which served as the base for the current implementation, done again by
Reyk Floeter implemented sppp support for ifconfig(8) in OpenBSD 4.0 in
order to remove the original 'spppcontrol' utility, which was previously
used to configure and display the sppp settings.
Negotiation loop avoidance is not fully implemented. If the negotiation
doesn't converge, this can cause an endless loop.
The various parameters that should be adjustable per RFC 1661 are cur-
rently hard-coded into the kernel, and should be made accessible through
Passive mode has not been tested extensively.
More NCPs should be implemented, as well as other control protocols for
authentication and link quality reporting.
IPCP should support VJ header compression.
Link-level compression protocols should be supported.
BSD April 23, 2017 BSD