o Add the -foreground switch.  This switch behaves like -background except
  that ppp stays in the foreground.
o Add the -quiet switch to quieten ppp's startup
o Add the -nat flag and discourage the use of the -alias flag.  Both do
  the same thing.
o Correct some nat usage strings.
o Change the internal ``alias'' command to ``nat''.
Brian Somers 1999-08-19 18:15:52 +00:00
parent c81c6baf1d
commit 67b072f732
16 changed files with 356 additions and 283 deletions


@ -2,7 +2,7 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
* $Id: alias_cmd.c,v 1.28 1999/07/24 02:53:39 brian Exp $
* $Id: alias_cmd.c,v 1.29 1999/07/28 19:39:00 brian Exp $
*/
#include <sys/param.h>
@ -70,9 +70,9 @@ lowhigh(u_short *a, u_short *b)
}
int
alias_RedirectPort(struct cmdargs const *arg)
nat_RedirectPort(struct cmdargs const *arg)
{
if (!arg->bundle->AliasEnabled) {
if (!arg->bundle->NatEnabled) {
prompt_Printf(arg->prompt, "Alias not enabled\n");
return 1;
} else if (arg->argc == arg->argn + 3 || arg->argc == arg->argn + 4) {
@ -101,14 +101,14 @@ alias_RedirectPort(struct cmdargs const *arg)
error = StrToAddrAndPort(arg->argv[arg->argn+1], &localaddr, &llocalport,
&hlocalport, proto);
if (error) {
prompt_Printf(arg->prompt, "alias port: error reading localaddr:port\n");
prompt_Printf(arg->prompt, "nat port: error reading localaddr:port\n");
return -1;
}
error = StrToPortRange(arg->argv[arg->argn+2], &laliasport, &haliasport,
proto);
if (error) {
prompt_Printf(arg->prompt, "alias port: error reading alias port\n");
prompt_Printf(arg->prompt, "nat port: error reading alias port\n");
return -1;
}
aliasaddr.s_addr = INADDR_ANY;
@ -117,7 +117,7 @@ alias_RedirectPort(struct cmdargs const *arg)
error = StrToAddrAndPort(arg->argv[arg->argn+3], &remoteaddr,
&lremoteport, &hremoteport, proto);
if (error) {
prompt_Printf(arg->prompt, "alias port: error reading "
prompt_Printf(arg->prompt, "nat port: error reading "
"remoteaddr:port\n");
return -1;
}
@ -131,13 +131,13 @@ alias_RedirectPort(struct cmdargs const *arg)
lowhigh(&lremoteport, &hremoteport);
if (haliasport - laliasport != hlocalport - llocalport) {
prompt_Printf(arg->prompt, "alias port: local & alias port ranges "
prompt_Printf(arg->prompt, "nat port: local & alias port ranges "
"are not equal\n");
return -1;
}
if (hremoteport && hremoteport - lremoteport != hlocalport - llocalport) {
prompt_Printf(arg->prompt, "alias port: local & remote port ranges "
prompt_Printf(arg->prompt, "nat port: local & remote port ranges "
"are not equal\n");
return -1;
}
@ -149,7 +149,7 @@ alias_RedirectPort(struct cmdargs const *arg)
proto_constant);
if (link == NULL) {
prompt_Printf(arg->prompt, "alias port: %d: error %d\n", laliasport,
prompt_Printf(arg->prompt, "nat port: %d: error %d\n", laliasport,
error);
return 1;
}
@ -167,10 +167,10 @@ alias_RedirectPort(struct cmdargs const *arg)
int
alias_RedirectAddr(struct cmdargs const *arg)
nat_RedirectAddr(struct cmdargs const *arg)
{
if (!arg->bundle->AliasEnabled) {
prompt_Printf(arg->prompt, "alias not enabled\n");
if (!arg->bundle->NatEnabled) {
prompt_Printf(arg->prompt, "nat not enabled\n");
return 1;
} else if (arg->argc == arg->argn+2) {
int error;
@ -185,7 +185,7 @@ alias_RedirectAddr(struct cmdargs const *arg)
error = StrToAddr(arg->argv[arg->argn+1], &aliasaddr);
if (error) {
prompt_Printf(arg->prompt, "address redirect: invalid alias address\n");
prompt_Printf(arg->prompt, "Usage: alias %s %s\n", arg->cmd->name,
prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
arg->cmd->syntax);
return 1;
}
@ -193,7 +193,7 @@ alias_RedirectAddr(struct cmdargs const *arg)
if (link == NULL) {
prompt_Printf(arg->prompt, "address redirect: packet aliasing"
" engine error\n");
prompt_Printf(arg->prompt, "Usage: alias %s %s\n", arg->cmd->name,
prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
arg->cmd->syntax);
}
} else
@ -289,7 +289,7 @@ StrToAddrAndPort(const char *str, struct in_addr *addr, u_short *low,
}
int
alias_ProxyRule(struct cmdargs const *arg)
nat_ProxyRule(struct cmdargs const *arg)
{
char cmd[LINE_LEN];
int f, pos;
@ -312,7 +312,7 @@ alias_ProxyRule(struct cmdargs const *arg)
}
int
alias_Pptp(struct cmdargs const *arg)
nat_Pptp(struct cmdargs const *arg)
{
struct in_addr addr;
@ -336,7 +336,7 @@ alias_Pptp(struct cmdargs const *arg)
}
static struct mbuf *
alias_PadMbuf(struct mbuf *bp, int type)
nat_PadMbuf(struct mbuf *bp, int type)
{
struct mbuf **last;
int len;
@ -352,14 +352,14 @@ alias_PadMbuf(struct mbuf *bp, int type)
}
static struct mbuf *
alias_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
int pri, u_short *proto)
{
if (!bundle->AliasEnabled || *proto != PROTO_IP)
if (!bundle->NatEnabled || *proto != PROTO_IP)
return bp;
log_Printf(LogDEBUG, "alias_LayerPush: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(alias_PadMbuf(bp, MB_ALIASOUT));
log_Printf(LogDEBUG, "nat_LayerPush: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(nat_PadMbuf(bp, MB_NATOUT));
PacketAliasOut(MBUF_CTOP(bp), bp->cnt);
bp->cnt = ntohs(((struct ip *)MBUF_CTOP(bp))->ip_len);
@ -367,7 +367,7 @@ alias_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
}
static struct mbuf *
alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
u_short *proto)
{
struct ip *pip, *piip;
@ -375,11 +375,11 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
struct mbuf **last;
char *fptr;
if (!bundle->AliasEnabled || *proto != PROTO_IP)
if (!bundle->NatEnabled || *proto != PROTO_IP)
return bp;
log_Printf(LogDEBUG, "alias_LayerPull: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(alias_PadMbuf(bp, MB_ALIASIN));
log_Printf(LogDEBUG, "nat_LayerPull: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(nat_PadMbuf(bp, MB_NATIN));
pip = (struct ip *)MBUF_CTOP(bp);
piip = (struct ip *)((char *)pip + (pip->ip_hl << 2));
@ -391,7 +391,7 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
bp->cnt = ntohs(pip->ip_len);
if (bp->cnt > MAX_MRU) {
log_Printf(LogWARN, "alias_LayerPull: Problem with IP header length\n");
log_Printf(LogWARN, "nat_LayerPull: Problem with IP header length\n");
mbuf_Free(bp);
return NULL;
}
@ -413,7 +413,7 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
while ((fptr = PacketAliasGetFragment(MBUF_CTOP(bp))) != NULL) {
PacketAliasFragmentIn(MBUF_CTOP(bp), fptr);
len = ntohs(((struct ip *)fptr)->ip_len);
*last = mbuf_Alloc(len, MB_ALIASIN);
*last = mbuf_Alloc(len, MB_NATIN);
memcpy(MBUF_CTOP(*last), fptr, len);
free(fptr);
last = &(*last)->pnext;
@ -429,5 +429,5 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
return bp;
}
struct layer aliaslayer =
{ LAYER_ALIAS, "alias", alias_LayerPush, alias_LayerPull };
struct layer natlayer =
{ LAYER_NAT, "nat", nat_LayerPush, nat_LayerPull };
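Review bot: In the fragment loop of nat_LayerPull, `len` is read from the queued fragment's `ip_len` and handed to `mbuf_Alloc(len, MB_NATIN)` and `memcpy` without the `MAX_MRU` bound that `bp->cnt` gets a few lines earlier. How the buffer returned by `PacketAliasGetFragment` was sized is not visible on this page, so whether `ip_len` can exceed it cannot be confirmed from here. Since the header presumably originates from the peer, a guard such as `if (len > MAX_MRU) { free(fptr); continue; }` ahead of the allocation would make the limit explicit. The function body starts and ends outside the hunks shown, and the same lines recur in the second listing of this file further down the page.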


@ -2,14 +2,14 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
* $Id: alias_cmd.h,v 1.10 1999/03/07 18:13:44 brian Exp $
* $Id: alias_cmd.h,v 1.11 1999/05/08 11:06:01 brian Exp $
*/
struct cmdargs;
extern int alias_RedirectPort(struct cmdargs const *);
extern int alias_RedirectAddr(struct cmdargs const *);
extern int alias_ProxyRule(struct cmdargs const *);
extern int alias_Pptp(struct cmdargs const *);
extern int nat_RedirectPort(struct cmdargs const *);
extern int nat_RedirectAddr(struct cmdargs const *);
extern int nat_ProxyRule(struct cmdargs const *);
extern int nat_Pptp(struct cmdargs const *);
extern struct layer aliaslayer;
extern struct layer natlayer;


@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: bundle.c,v 1.61 1999/08/09 22:56:17 brian Exp $
* $Id: bundle.c,v 1.62 1999/08/17 17:22:44 brian Exp $
*/
#include <sys/param.h>
@ -680,7 +680,7 @@ bundle_Create(const char *prefix, int type, const char **argv)
bundle.routing_seq = 0;
bundle.phase = PHASE_DEAD;
bundle.CleaningUp = 0;
bundle.AliasEnabled = 0;
bundle.NatEnabled = 0;
bundle.fsm.LayerStart = bundle_LayerStart;
bundle.fsm.LayerUp = bundle_LayerUp;


@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: bundle.h,v 1.24 1999/08/05 10:32:08 brian Exp $
* $Id: bundle.h,v 1.25 1999/08/17 17:22:44 brian Exp $
*/
#define PHASE_DEAD 0 /* Link is dead */
@ -84,7 +84,7 @@ struct bundle {
} phys_type;
unsigned CleaningUp : 1; /* Going to exit.... */
unsigned AliasEnabled : 1; /* Are we using libalias ? */
unsigned NatEnabled : 1; /* Are we using libalias ? */
struct fsm_parent fsm; /* Our callback functions */
struct datalink *links; /* Our data links */


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: command.c,v 1.206 1999/08/17 14:59:05 brian Exp $
* $Id: command.c,v 1.207 1999/08/17 17:22:44 brian Exp $
*
*/
#include <sys/param.h>
@ -41,7 +41,7 @@
#include <termios.h>
#include <unistd.h>
#ifndef NOALIAS
#ifndef NONAT
#ifdef __FreeBSD__
#include <alias.h>
#else
@ -62,7 +62,7 @@
#include "lqr.h"
#include "hdlc.h"
#include "ipcp.h"
#ifndef NOALIAS
#ifndef NONAT
#include "alias_cmd.h"
#endif
#include "systems.h"
@ -144,7 +144,7 @@
#define NEG_VJCOMP 53
const char Version[] = "2.23";
const char VersionDate[] = "$Date: 1999/08/17 14:59:05 $";
const char VersionDate[] = "$Date: 1999/08/17 17:22:44 $";
static int ShowCommand(struct cmdargs const *);
static int TerminalCommand(struct cmdargs const *);
@ -163,7 +163,7 @@ static int IfaceAddCommand(struct cmdargs const *);
static int IfaceDeleteCommand(struct cmdargs const *);
static int IfaceClearCommand(struct cmdargs const *);
static int SetProcTitle(struct cmdargs const *);
#ifndef NOALIAS
#ifndef NONAT
static int AliasEnable(struct cmdargs const *);
static int AliasOption(struct cmdargs const *);
#endif
@ -546,37 +546,37 @@ FgShellCommand(struct cmdargs const *arg)
return ShellCommand(arg, 0);
}
#ifndef NOALIAS
#ifndef NONAT
static struct cmdtab const AliasCommands[] =
{
{"addr", NULL, alias_RedirectAddr, LOCAL_AUTH,
"static address translation", "alias addr [addr_local addr_alias]"},
{"addr", NULL, nat_RedirectAddr, LOCAL_AUTH,
"static address translation", "nat addr [addr_local addr_alias]"},
{"deny_incoming", NULL, AliasOption, LOCAL_AUTH,
"stop incoming connections", "alias deny_incoming [yes|no]",
"stop incoming connections", "nat deny_incoming yes|no",
(const void *) PKT_ALIAS_DENY_INCOMING},
{"enable", NULL, AliasEnable, LOCAL_AUTH,
"enable IP aliasing", "alias enable [yes|no]"},
"enable NAT", "nat enable yes|no"},
{"log", NULL, AliasOption, LOCAL_AUTH,
"log aliasing link creation", "alias log [yes|no]",
"log NAT link creation", "nat log yes|no",
(const void *) PKT_ALIAS_LOG},
{"port", NULL, alias_RedirectPort, LOCAL_AUTH, "port redirection",
"alias port proto localaddr:port[-port] aliasport[-aliasport]"},
{"pptp", NULL, alias_Pptp, LOCAL_AUTH,
"Set the PPTP address", "alias pptp IP"},
{"proxy", NULL, alias_ProxyRule, LOCAL_AUTH,
"proxy control", "alias proxy server host[:port] ..."},
{"port", NULL, nat_RedirectPort, LOCAL_AUTH, "port redirection",
"nat port proto localaddr:port[-port] aliasport[-aliasport]"},
{"pptp", NULL, nat_Pptp, LOCAL_AUTH,
"Set the PPTP address", "nat pptp IP"},
{"proxy", NULL, nat_ProxyRule, LOCAL_AUTH,
"proxy control", "nat proxy server host[:port] ..."},
{"same_ports", NULL, AliasOption, LOCAL_AUTH,
"try to leave port numbers unchanged", "alias same_ports [yes|no]",
"try to leave port numbers unchanged", "nat same_ports yes|no",
(const void *) PKT_ALIAS_SAME_PORTS},
{"unregistered_only", NULL, AliasOption, LOCAL_AUTH,
"alias unregistered (private) IP address space only",
"alias unregistered_only [yes|no]",
"translate unregistered (private) IP address space only",
"nat unregistered_only yes|no",
(const void *) PKT_ALIAS_UNREGISTERED_ONLY},
{"use_sockets", NULL, AliasOption, LOCAL_AUTH,
"allocate host sockets", "alias use_sockets [yes|no]",
"allocate host sockets", "nat use_sockets yes|no",
(const void *) PKT_ALIAS_USE_SOCKETS},
{"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
"Display this message", "alias help|? [command]", AliasCommands},
"Display this message", "nat help|? [command]", AliasCommands},
{NULL, NULL, NULL},
};
#endif
@ -609,7 +609,7 @@ static struct cmdtab const IfaceCommands[] =
{"show", NULL, iface_Show, LOCAL_AUTH,
"Show iface address(es)", "iface show"},
{"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
"Display this message", "alias help|? [command]", IfaceCommands},
"Display this message", "nat help|? [command]", IfaceCommands},
{NULL, NULL, NULL},
};
@ -620,10 +620,6 @@ static struct cmdtab const Commands[] = {
"add route", "add dest mask gateway", NULL},
{NULL, "add!", AddCommand, LOCAL_AUTH,
"add or change route", "add! dest mask gateway", (void *)1},
#ifndef NOALIAS
{"alias", NULL, RunListCommand, LOCAL_AUTH,
"alias control", "alias option [yes|no]", AliasCommands},
#endif
{"allow", "auth", RunListCommand, LOCAL_AUTH,
"Allow ppp access", "allow users|modes ....", AllowCommands},
{"bg", "!bg", BgShellCommand, LOCAL_AUTH,
@ -655,6 +651,10 @@ static struct cmdtab const Commands[] = {
"Link specific commands", "link name command ..."},
{"load", NULL, LoadCommand, LOCAL_AUTH | LOCAL_CX_OPT,
"Load settings", "load [system ...]"},
#ifndef NONAT
{"nat", "alias", RunListCommand, LOCAL_AUTH,
"NAT control", "nat option yes|no", AliasCommands},
#endif
{"open", NULL, OpenCommand, LOCAL_AUTH | LOCAL_CX_OPT,
"Open an FSM", "open! [lcp|ccp|ipcp]", (void *)1},
{"passwd", NULL, PasswdCommand, LOCAL_NO_AUTH,
@ -2015,20 +2015,20 @@ DeleteCommand(struct cmdargs const *arg)
return 0;
}
#ifndef NOALIAS
#ifndef NONAT
static int
AliasEnable(struct cmdargs const *arg)
{
if (arg->argc == arg->argn+1) {
if (strcasecmp(arg->argv[arg->argn], "yes") == 0) {
if (!arg->bundle->AliasEnabled) {
if (!arg->bundle->NatEnabled) {
if (arg->bundle->ncp.ipcp.fsm.state == ST_OPENED)
PacketAliasSetAddress(arg->bundle->ncp.ipcp.my_ip);
arg->bundle->AliasEnabled = 1;
arg->bundle->NatEnabled = 1;
}
return 0;
} else if (strcasecmp(arg->argv[arg->argn], "no") == 0) {
arg->bundle->AliasEnabled = 0;
arg->bundle->NatEnabled = 0;
arg->bundle->cfg.opt &= ~OPT_IFACEALIAS;
/* Don't iface_Clear() - there may be manually configured addresses */
return 0;
@ -2046,22 +2046,22 @@ AliasOption(struct cmdargs const *arg)
if (arg->argc == arg->argn+1) {
if (strcasecmp(arg->argv[arg->argn], "yes") == 0) {
if (arg->bundle->AliasEnabled) {
if (arg->bundle->NatEnabled) {
PacketAliasSetMode(param, param);
return 0;
}
log_Printf(LogWARN, "alias not enabled\n");
log_Printf(LogWARN, "nat not enabled\n");
} else if (strcmp(arg->argv[arg->argn], "no") == 0) {
if (arg->bundle->AliasEnabled) {
if (arg->bundle->NatEnabled) {
PacketAliasSetMode(0, param);
return 0;
}
log_Printf(LogWARN, "alias not enabled\n");
log_Printf(LogWARN, "nat not enabled\n");
}
}
return -1;
}
#endif /* #ifndef NOALIAS */
#endif /* #ifndef NONAT */
static int
LinkCommand(struct cmdargs const *arg)
@ -2196,9 +2196,9 @@ IfaceAliasOptSet(struct cmdargs const *arg)
int result = OptSet(arg);
if (result == 0)
if (Enabled(arg->bundle, OPT_IFACEALIAS) && !arg->bundle->AliasEnabled) {
if (Enabled(arg->bundle, OPT_IFACEALIAS) && !arg->bundle->NatEnabled) {
arg->bundle->cfg.opt = save;
log_Printf(LogWARN, "Cannot enable iface-alias without IP aliasing\n");
log_Printf(LogWARN, "Cannot enable iface-alias without NAT\n");
result = 2;
}
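Review bot: The help entry of `IfaceCommands` now carries the syntax string `"nat help|? [command]"`, which names the wrong command; it should read `"iface help|? [command]"`, in line with the neighbouring `"iface show"` entry. The previous text `"alias help|? [command]"` looks like a copy from the alias table, and the rename carried the mistake over instead of correcting it. The table itself starts outside the hunk.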


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ipcp.c,v 1.81 1999/06/08 20:12:06 brian Exp $
* $Id: ipcp.c,v 1.82 1999/08/05 10:32:12 brian Exp $
*
* TODO:
* o Support IPADDRS properly
@ -41,7 +41,7 @@
#include <termios.h>
#include <unistd.h>
#ifndef NOALIAS
#ifndef NONAT
#ifdef __FreeBSD__
#include <alias.h>
#else
@ -745,8 +745,8 @@ ipcp_InterfaceUp(struct ipcp *ipcp)
return 0;
}
#ifndef NOALIAS
if (ipcp->fsm.bundle->AliasEnabled)
#ifndef NONAT
if (ipcp->fsm.bundle->NatEnabled)
PacketAliasSetAddress(ipcp->my_ip);
#endif


@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id:$
* $Id: layer.h,v 1.1 1999/05/08 11:06:50 brian Exp $
*/
#define LAYER_ASYNC 2
@ -34,7 +34,7 @@
#define LAYER_LQR 7
#define LAYER_CCP 8
#define LAYER_VJ 9
#define LAYER_ALIAS 10
#define LAYER_NAT 10
#define LAYER_MAX 10 /* How many layers we can handle on a link */


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: main.c,v 1.155 1999/05/13 16:34:57 brian Exp $
* $Id: main.c,v 1.156 1999/08/09 22:54:51 brian Exp $
*
* TODO:
*/
@ -39,7 +39,7 @@
#include <unistd.h>
#include <sys/stat.h>
#ifndef NOALIAS
#ifndef NONAT
#ifdef __FreeBSD__
#include <alias.h>
#else
@ -181,35 +181,43 @@ static void
Usage(void)
{
fprintf(stderr,
"Usage: ppp [-auto | -background | -direct | -dedicated | -ddial ]"
"Usage: ppp [-auto | -foreground | -background | -direct | -dedicated | -ddial | -interactive]"
#ifndef NOALIAS
" [ -alias ]"
" [-nat]"
#endif
" [system ...]\n");
exit(EX_START);
}
static int
ProcessArgs(int argc, char **argv, int *mode, int *alias)
ProcessArgs(int argc, char **argv, int *mode, int *nat, int *fg, int *quiet)
{
int optc, newmode, arg;
char *cp;
optc = 0;
*mode = PHYS_INTERACTIVE;
*alias = 0;
*nat = 0;
*fg = 0;
*quiet = 0;
for (arg = 1; arg < argc && *argv[arg] == '-'; arg++, optc++) {
cp = argv[arg] + 1;
newmode = Nam2mode(cp);
switch (newmode) {
case PHYS_NONE:
if (strcmp(cp, "alias") == 0) {
#ifdef NOALIAS
log_Printf(LogWARN, "Cannot load alias library (compiled out)\n");
if (strcmp(cp, "nat") == 0 || strcmp(cp, "alias") == 0) {
#ifdef NONAT
log_Printf(LogWARN, "Cannot load libalias (compiled out)\n");
#else
*alias = 1;
*nat = 1;
#endif
optc--; /* this option isn't exclusive */
} else if (strcmp(cp, "quiet") == 0) {
*quiet = 1;
optc--; /* this option isn't exclusive */
} else if (strcmp(cp, "foreground") == 0) {
*mode = PHYS_BACKGROUND; /* Kinda like background mode */
*fg = 1;
} else
Usage();
break;
@ -257,7 +265,7 @@ main(int argc, char **argv)
{
char *name;
const char *lastlabel;
int nfds, mode, alias, label, arg;
int nfds, mode, nat, fg, quiet, label, arg;
struct bundle *bundle;
struct prompt *prompt;
@ -274,10 +282,10 @@ main(int argc, char **argv)
name = strrchr(argv[0], '/');
log_Open(name ? name + 1 : argv[0]);
#ifndef NOALIAS
#ifndef NONAT
PacketAliasInit();
#endif
label = ProcessArgs(argc, argv, &mode, &alias);
label = ProcessArgs(argc, argv, &mode, &nat, &fg, &quiet);
/*
* A FreeBSD & OpenBSD hack to dodge a bug in the tty driver that drops
@ -325,7 +333,8 @@ main(int argc, char **argv)
else
CheckLabel("default", prompt, mode);
prompt_Printf(prompt, "Working in %s mode\n", mode2Nam(mode));
if (!quiet)
prompt_Printf(prompt, "Working in %s mode\n", mode2Nam(mode));
if ((bundle = bundle_Create(TUN_PREFIX, mode, (const char **)argv)) == NULL) {
log_Printf(LogWARN, "bundle_Create: %s\n", strerror(errno));
@ -336,11 +345,12 @@ main(int argc, char **argv)
if (prompt) {
prompt->bundle = bundle; /* couldn't do it earlier */
prompt_Printf(prompt, "Using interface: %s\n", bundle->iface->name);
if (!quiet)
prompt_Printf(prompt, "Using interface: %s\n", bundle->iface->name);
}
SignalBundle = bundle;
bundle->AliasEnabled = alias;
if (alias)
bundle->NatEnabled = nat;
if (nat)
bundle->cfg.opt |= OPT_IFACEALIAS;
if (system_Select(bundle, "default", CONFFILE, prompt, NULL) < 0)
@ -379,68 +389,71 @@ main(int argc, char **argv)
if (mode != PHYS_INTERACTIVE) {
if (mode != PHYS_DIRECT) {
int bgpipe[2];
pid_t bgpid;
if (!fg) {
int bgpipe[2];
pid_t bgpid;
if (mode == PHYS_BACKGROUND && pipe(bgpipe)) {
log_Printf(LogERROR, "pipe: %s\n", strerror(errno));
AbortProgram(EX_SOCK);
}
if (mode == PHYS_BACKGROUND && pipe(bgpipe)) {
log_Printf(LogERROR, "pipe: %s\n", strerror(errno));
AbortProgram(EX_SOCK);
}
bgpid = fork();
if (bgpid == -1) {
log_Printf(LogERROR, "fork: %s\n", strerror(errno));
AbortProgram(EX_SOCK);
}
bgpid = fork();
if (bgpid == -1) {
log_Printf(LogERROR, "fork: %s\n", strerror(errno));
AbortProgram(EX_SOCK);
}
if (bgpid) {
char c = EX_NORMAL;
if (bgpid) {
char c = EX_NORMAL;
if (mode == PHYS_BACKGROUND) {
close(bgpipe[1]);
BGPid = bgpid;
/* If we get a signal, kill the child */
signal(SIGHUP, KillChild);
signal(SIGTERM, KillChild);
signal(SIGINT, KillChild);
signal(SIGQUIT, KillChild);
if (mode == PHYS_BACKGROUND) {
close(bgpipe[1]);
BGPid = bgpid;
/* If we get a signal, kill the child */
signal(SIGHUP, KillChild);
signal(SIGTERM, KillChild);
signal(SIGINT, KillChild);
signal(SIGQUIT, KillChild);
/* Wait for our child to close its pipe before we exit */
if (read(bgpipe[0], &c, 1) != 1) {
prompt_Printf(prompt, "Child exit, no status.\n");
log_Printf(LogPHASE, "Parent: Child exit, no status.\n");
} else if (c == EX_NORMAL) {
prompt_Printf(prompt, "PPP enabled.\n");
log_Printf(LogPHASE, "Parent: PPP enabled.\n");
} else {
prompt_Printf(prompt, "Child failed (%s).\n", ex_desc((int) c));
log_Printf(LogPHASE, "Parent: Child failed (%s).\n",
ex_desc((int) c));
/* Wait for our child to close its pipe before we exit */
if (read(bgpipe[0], &c, 1) != 1) {
prompt_Printf(prompt, "Child exit, no status.\n");
log_Printf(LogPHASE, "Parent: Child exit, no status.\n");
} else if (c == EX_NORMAL) {
prompt_Printf(prompt, "PPP enabled.\n");
log_Printf(LogPHASE, "Parent: PPP enabled.\n");
} else {
prompt_Printf(prompt, "Child failed (%s).\n", ex_desc((int) c));
log_Printf(LogPHASE, "Parent: Child failed (%s).\n",
ex_desc((int) c));
}
close(bgpipe[0]);
}
return c;
} else if (mode == PHYS_BACKGROUND) {
close(bgpipe[0]);
}
return c;
} else if (mode == PHYS_BACKGROUND) {
close(bgpipe[0]);
bundle->notify.fd = bgpipe[1];
bundle->notify.fd = bgpipe[1];
}
bundle_LockTun(bundle); /* we have a new pid */
}
bundle_LockTun(bundle); /* we have a new pid */
/* -auto, -dedicated, -ddial & -background */
/* -auto, -dedicated, -ddial, -foreground & -background */
prompt_Destroy(prompt, 0);
close(STDOUT_FILENO);
close(STDERR_FILENO);
close(STDIN_FILENO);
setsid();
if (!fg)
setsid();
} else {
/* -direct: STDIN_FILENO gets used by modem_Open */
/* -direct - STDIN_FILENO gets used by physical_Open */
prompt_TtyInit(NULL);
close(STDOUT_FILENO);
close(STDERR_FILENO);
}
} else {
/* Interactive mode */
/* -interactive */
close(STDERR_FILENO);
prompt_TtyInit(prompt);
prompt_TtyCommandMode(prompt);
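Review bot: The guard around `" [-nat]"` in Usage() still appears as `#ifndef NOALIAS`, while every other guard in this commit, including the one in ProcessArgs, was renamed to `NONAT`. The line is printed only once on this page, so it seems to be unchanged context. A build that defines only `NONAT` would then still advertise `-nat` in the usage text even though ProcessArgs reports libalias as compiled out; the guard should read `#ifndef NONAT`.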


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: mbuf.c,v 1.27 1999/06/02 15:59:04 brian Exp $
* $Id: mbuf.c,v 1.28 1999/08/09 22:56:18 brian Exp $
*
*/
#include <sys/types.h>
@ -221,7 +221,7 @@ mbuf_Show(struct cmdargs const *arg)
{
int i;
static const char *mbuftype[] = {
"ip in", "ip out", "alias in", "alias out", "mp in", "mp out",
"ip in", "ip out", "nat in", "nat out", "mp in", "mp out",
"vj in", "vj out", "icompd in", "icompd out", "compd in", "compd out",
"lqr in", "lqr out", "echo in", "echo out", "proto in", "proto out",
"acf in", "acf out", "sync in", "sync out", "hdlc in", "hdlc out",


@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: mbuf.h,v 1.17 1999/05/09 20:02:25 brian Exp $
* $Id: mbuf.h,v 1.18 1999/06/02 15:59:05 brian Exp $
*
* TODO:
*/
@ -44,8 +44,8 @@ struct mqueue {
#define MB_IPIN 0
#define MB_IPOUT 1
#define MB_ALIASIN 2
#define MB_ALIASOUT 3
#define MB_NATIN 2
#define MB_NATOUT 3
#define MB_MPIN 4
#define MB_MPOUT 5
#define MB_VJIN 6


@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: mp.c,v 1.25 1999/06/09 16:54:03 brian Exp $
* $Id: mp.c,v 1.26 1999/08/05 10:32:12 brian Exp $
*/
#include <sys/param.h>
@ -45,7 +45,7 @@
#include <unistd.h>
#include "layer.h"
#ifndef NOALIAS
#ifndef NONAT
#include "alias_cmd.h"
#endif
#include "vjcomp.h"
@ -278,8 +278,8 @@ mp_Init(struct mp *mp, struct bundle *bundle)
link_Stack(&mp->link, &protolayer);
link_Stack(&mp->link, &ccplayer);
link_Stack(&mp->link, &vjlayer);
#ifndef NOALIAS
link_Stack(&mp->link, &aliaslayer);
#ifndef NONAT
link_Stack(&mp->link, &natlayer);
#endif
}


@ -2,7 +2,7 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
* $Id: alias_cmd.c,v 1.28 1999/07/24 02:53:39 brian Exp $
* $Id: alias_cmd.c,v 1.29 1999/07/28 19:39:00 brian Exp $
*/
#include <sys/param.h>
@ -70,9 +70,9 @@ lowhigh(u_short *a, u_short *b)
}
int
alias_RedirectPort(struct cmdargs const *arg)
nat_RedirectPort(struct cmdargs const *arg)
{
if (!arg->bundle->AliasEnabled) {
if (!arg->bundle->NatEnabled) {
prompt_Printf(arg->prompt, "Alias not enabled\n");
return 1;
} else if (arg->argc == arg->argn + 3 || arg->argc == arg->argn + 4) {
@ -101,14 +101,14 @@ alias_RedirectPort(struct cmdargs const *arg)
error = StrToAddrAndPort(arg->argv[arg->argn+1], &localaddr, &llocalport,
&hlocalport, proto);
if (error) {
prompt_Printf(arg->prompt, "alias port: error reading localaddr:port\n");
prompt_Printf(arg->prompt, "nat port: error reading localaddr:port\n");
return -1;
}
error = StrToPortRange(arg->argv[arg->argn+2], &laliasport, &haliasport,
proto);
if (error) {
prompt_Printf(arg->prompt, "alias port: error reading alias port\n");
prompt_Printf(arg->prompt, "nat port: error reading alias port\n");
return -1;
}
aliasaddr.s_addr = INADDR_ANY;
@ -117,7 +117,7 @@ alias_RedirectPort(struct cmdargs const *arg)
error = StrToAddrAndPort(arg->argv[arg->argn+3], &remoteaddr,
&lremoteport, &hremoteport, proto);
if (error) {
prompt_Printf(arg->prompt, "alias port: error reading "
prompt_Printf(arg->prompt, "nat port: error reading "
"remoteaddr:port\n");
return -1;
}
@ -131,13 +131,13 @@ alias_RedirectPort(struct cmdargs const *arg)
lowhigh(&lremoteport, &hremoteport);
if (haliasport - laliasport != hlocalport - llocalport) {
prompt_Printf(arg->prompt, "alias port: local & alias port ranges "
prompt_Printf(arg->prompt, "nat port: local & alias port ranges "
"are not equal\n");
return -1;
}
if (hremoteport && hremoteport - lremoteport != hlocalport - llocalport) {
prompt_Printf(arg->prompt, "alias port: local & remote port ranges "
prompt_Printf(arg->prompt, "nat port: local & remote port ranges "
"are not equal\n");
return -1;
}
@ -149,7 +149,7 @@ alias_RedirectPort(struct cmdargs const *arg)
proto_constant);
if (link == NULL) {
prompt_Printf(arg->prompt, "alias port: %d: error %d\n", laliasport,
prompt_Printf(arg->prompt, "nat port: %d: error %d\n", laliasport,
error);
return 1;
}
@ -167,10 +167,10 @@ alias_RedirectPort(struct cmdargs const *arg)
int
alias_RedirectAddr(struct cmdargs const *arg)
nat_RedirectAddr(struct cmdargs const *arg)
{
if (!arg->bundle->AliasEnabled) {
prompt_Printf(arg->prompt, "alias not enabled\n");
if (!arg->bundle->NatEnabled) {
prompt_Printf(arg->prompt, "nat not enabled\n");
return 1;
} else if (arg->argc == arg->argn+2) {
int error;
@ -185,7 +185,7 @@ alias_RedirectAddr(struct cmdargs const *arg)
error = StrToAddr(arg->argv[arg->argn+1], &aliasaddr);
if (error) {
prompt_Printf(arg->prompt, "address redirect: invalid alias address\n");
prompt_Printf(arg->prompt, "Usage: alias %s %s\n", arg->cmd->name,
prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
arg->cmd->syntax);
return 1;
}
@ -193,7 +193,7 @@ alias_RedirectAddr(struct cmdargs const *arg)
if (link == NULL) {
prompt_Printf(arg->prompt, "address redirect: packet aliasing"
" engine error\n");
prompt_Printf(arg->prompt, "Usage: alias %s %s\n", arg->cmd->name,
prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
arg->cmd->syntax);
}
} else
@ -289,7 +289,7 @@ StrToAddrAndPort(const char *str, struct in_addr *addr, u_short *low,
}
int
alias_ProxyRule(struct cmdargs const *arg)
nat_ProxyRule(struct cmdargs const *arg)
{
char cmd[LINE_LEN];
int f, pos;
@ -312,7 +312,7 @@ alias_ProxyRule(struct cmdargs const *arg)
}
int
alias_Pptp(struct cmdargs const *arg)
nat_Pptp(struct cmdargs const *arg)
{
struct in_addr addr;
@ -336,7 +336,7 @@ alias_Pptp(struct cmdargs const *arg)
}
static struct mbuf *
alias_PadMbuf(struct mbuf *bp, int type)
nat_PadMbuf(struct mbuf *bp, int type)
{
struct mbuf **last;
int len;
@ -352,14 +352,14 @@ alias_PadMbuf(struct mbuf *bp, int type)
}
static struct mbuf *
alias_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
int pri, u_short *proto)
{
if (!bundle->AliasEnabled || *proto != PROTO_IP)
if (!bundle->NatEnabled || *proto != PROTO_IP)
return bp;
log_Printf(LogDEBUG, "alias_LayerPush: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(alias_PadMbuf(bp, MB_ALIASOUT));
log_Printf(LogDEBUG, "nat_LayerPush: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(nat_PadMbuf(bp, MB_NATOUT));
PacketAliasOut(MBUF_CTOP(bp), bp->cnt);
bp->cnt = ntohs(((struct ip *)MBUF_CTOP(bp))->ip_len);
@ -367,7 +367,7 @@ alias_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
}
static struct mbuf *
alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
u_short *proto)
{
struct ip *pip, *piip;
@ -375,11 +375,11 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
struct mbuf **last;
char *fptr;
if (!bundle->AliasEnabled || *proto != PROTO_IP)
if (!bundle->NatEnabled || *proto != PROTO_IP)
return bp;
log_Printf(LogDEBUG, "alias_LayerPull: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(alias_PadMbuf(bp, MB_ALIASIN));
log_Printf(LogDEBUG, "nat_LayerPull: PROTO_IP -> PROTO_IP\n");
bp = mbuf_Contiguous(nat_PadMbuf(bp, MB_NATIN));
pip = (struct ip *)MBUF_CTOP(bp);
piip = (struct ip *)((char *)pip + (pip->ip_hl << 2));
@ -391,7 +391,7 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
bp->cnt = ntohs(pip->ip_len);
if (bp->cnt > MAX_MRU) {
log_Printf(LogWARN, "alias_LayerPull: Problem with IP header length\n");
log_Printf(LogWARN, "nat_LayerPull: Problem with IP header length\n");
mbuf_Free(bp);
return NULL;
}
@ -413,7 +413,7 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
while ((fptr = PacketAliasGetFragment(MBUF_CTOP(bp))) != NULL) {
PacketAliasFragmentIn(MBUF_CTOP(bp), fptr);
len = ntohs(((struct ip *)fptr)->ip_len);
*last = mbuf_Alloc(len, MB_ALIASIN);
*last = mbuf_Alloc(len, MB_NATIN);
memcpy(MBUF_CTOP(*last), fptr, len);
free(fptr);
last = &(*last)->pnext;
@ -429,5 +429,5 @@ alias_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
return bp;
}
struct layer aliaslayer =
{ LAYER_ALIAS, "alias", alias_LayerPush, alias_LayerPull };
struct layer natlayer =
{ LAYER_NAT, "nat", nat_LayerPush, nat_LayerPull };
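Review bot: nat_RedirectPort still prints `"Alias not enabled\n"` when `NatEnabled` is clear, while nat_RedirectAddr was changed to `"nat not enabled\n"` in the same commit. The first message should be `prompt_Printf(arg->prompt, "nat not enabled\n");` so that both commands report the state in the same words. The same leftover is present in the earlier listing of this file on the page, and the function body continues outside the hunk.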


@ -2,14 +2,14 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
* $Id: alias_cmd.h,v 1.10 1999/03/07 18:13:44 brian Exp $
* $Id: alias_cmd.h,v 1.11 1999/05/08 11:06:01 brian Exp $
*/
struct cmdargs;
extern int alias_RedirectPort(struct cmdargs const *);
extern int alias_RedirectAddr(struct cmdargs const *);
extern int alias_ProxyRule(struct cmdargs const *);
extern int alias_Pptp(struct cmdargs const *);
extern int nat_RedirectPort(struct cmdargs const *);
extern int nat_RedirectAddr(struct cmdargs const *);
extern int nat_ProxyRule(struct cmdargs const *);
extern int nat_Pptp(struct cmdargs const *);
extern struct layer aliaslayer;
extern struct layer natlayer;


@ -16,7 +16,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: physical.c,v 1.19 1999/08/05 10:32:13 brian Exp $
* $Id: physical.c,v 1.20 1999/08/06 20:04:05 brian Exp $
*
*/
@ -45,7 +45,7 @@
#endif
#include "layer.h"
#ifndef NOALIAS
#ifndef NONAT
#include "alias_cmd.h"
#endif
#include "proto.h"
@ -985,8 +985,8 @@ physical_SetupStack(struct physical *p, const char *who, int how)
link_Stack(&p->link, &lqrlayer);
link_Stack(&p->link, &ccplayer);
link_Stack(&p->link, &vjlayer);
#ifndef NOALIAS
link_Stack(&p->link, &aliaslayer);
#ifndef NONAT
link_Stack(&p->link, &natlayer);
#endif
if (how == PHYSICAL_FORCE_ASYNC && physical_IsSync(p)) {
log_Printf(LogWARN, "Sync device setting ignored for ``%s'' device\n", who);
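Review bot: Renaming the build guard from `NOALIAS` to `NONAT`, both around `#include "alias_cmd.h"` and around `link_Stack(&p->link, &natlayer);`, leaves no visible fallback for the old name, so a build that still passes `-DNOALIAS` to leave address translation out would now compile and stack the NAT layer without any warning. Whether the Makefile maps the old macro onto the new one cannot be seen from this section. If it does not, a shim in a header shared by the guarded files would keep existing build configurations excluding the feature: `#if defined(NOALIAS) && !defined(NONAT)`, then `#define NONAT`, then `#endif`. physical_SetupStack begins and ends outside the hunk, so only the guard itself is reviewed here.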


@ -1,4 +1,4 @@
.\" $Id: ppp.8,v 1.189 1999/08/17 17:22:46 brian Exp $
.\" $Id: ppp.8,v 1.190 1999/08/18 15:35:54 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Os FreeBSD
@ -8,7 +8,8 @@
.Nd Point to Point Protocol (a.k.a. user-ppp)
.Sh SYNOPSIS
.Nm
.Op Fl alias
.Op Fl nat
.Op Fl quiet
.Op Fl Va mode
.Op Ar system Ns
.No ...
@ -26,18 +27,27 @@ is done as a user process with the help of the
tunnel device driver (tun).
.Pp
The
.Fl nat
flag (or
.Fl alias
flag does the equivalent of an
.Dq alias enable yes ,
flag for backwards compatability) does the equivalent of a
.Dq nat enable yes ,
enabling
.Nm ppp Ns No s
packet aliasing features. This allows
network address translation features. This allows
.Nm ppp
to act as a NAT or masquerading engine for all machines on an internal
LAN. Refer to
.Xr libalias 3
for details.
.Pp
The
.Fl quiet
flag tells
.Nm
to be silent at startup rather than displaying the mode and interface
to standard output.
.Pp
The following
.Va mode Ns No s
are understood by
@ -81,6 +91,14 @@ goes into the background and the parent process returns an exit code
of 0. If it fails,
.Nm
exits with a non-zero result.
.It Fl foreground
In foreground mode,
.Nm
attempts to establish a connection with the peer immediately, but never
becomes a daemon. The link is created in background mode. This is useful
if you wish to control
.Nm ppp Ns No s
invocation from another process.
.It Fl direct
This is used for receiving incoming connections.
.Nm
@ -1327,10 +1345,12 @@ from "tcp" to "udp". When using UDP as a transport,
will operate in synchronous mode. This is another gain as the incoming
data does not have to be rearranged into packets.
.Pp
.Sh PACKET ALIASING
.Sh NETWORK ADDRESS TRANSLATION (PACKET ALIASING)
The
.Fl alias
command line option enables packet aliasing. This allows the
.Fl nat
.Pq \&or Fl alias
command line option enables network address translation (a.k.a. packet
aliasing). This allows the
.Nm
host to act as a masquerading gateway for other computers over
a local area network. Outgoing IP packets are aliased so that
@ -1343,9 +1363,9 @@ subnets to have Internet access, although they are invisible
from the outside world.
In general, correct
.Nm
operation should first be verified with packet aliasing disabled.
operation should first be verified with network address translation disabled.
Then, the
.Fl alias
.Fl nat
option should be switched on, and network applications (web browser,
.Xr telnet 1 ,
.Xr ftp 1 ,
@ -2637,24 +2657,24 @@ not to make any utmp or wtmp entries. This is usually only necessary if
you require the user to both login and authenticate themselves.
.It iface-alias
Default: Enabled if
.Fl alias
.Fl nat
is specified. This option simply tells
.Nm
to add new interface addresses to the interface rather than replacing them.
The option can only be enabled if IP aliasing is enabled
.Pq Dq alias enable yes .
The option can only be enabled if network address translation is enabled
.Pq Dq nat enable yes .
.Pp
With this option enabled,
.Nm
will pass traffic for old interface addresses through the IP alias engine
will pass traffic for old interface addresses through the NAT engine
.Pq see Xr libalias 5 ,
resulting in the ability (in
.Fl auto
mode) to properly connect the process that caused the PPP link to
come up in the first place.
.Pp
Disabling IP aliasing with
.Dq alias enable no
Disabling NAT with
.Dq nat enable no
will also disable
.Sq iface-alias .
.El
@ -2796,36 +2816,46 @@ When running in multi-link mode, a section can be loaded if it allows
of the currently existing line modes.
.El
.Pp
.It alias Ar command Op Ar args
This command allows the control of the aliasing (or masquerading)
facilities that are built into
.It nat Ar command Op Ar args
This command allows the control of the network address translation (also
known as masquerading or IP aliasing) facilities that are built into
.Nm ppp .
If aliasing is enabled on your system (it may be omitted at compile time),
NAT is done on the external interface only, and is unlikely to make sense
if used with the
.Fl direct
flag.
.Pp
For backwards compatibility, the word
.Dq alias
may be used in place of
.Dq nat .
If nat is enabled on your system (it may be omitted at compile time),
the following commands are possible:
.Bl -tag -width XX
.It alias enable Op yes|no
This command either switches aliasing on or turns it off.
.It nat enable yes|no
This command either switches network address translation on or turns it off.
The
.Fl alias
.Fl nat
command line flag is synonymous with
.Dq alias enable yes .
.It alias addr Op Ar addr_local addr_alias
.Dq nat enable yes .
.It nat addr Op Ar addr_local addr_alias
This command allows data for
.Ar addr_alias
to be redirected to
.Ar addr_local .
It is useful if you own a small number of real IP numbers that
you wish to map to specific machines behind your gateway.
.It alias deny_incoming Op yes|no
.It nat deny_incoming yes|no
If set to yes, this command will refuse all incoming connections
by dropping the packets in much the same way as a firewall would.
.It alias help|?
This command gives a summary of available alias commands.
.It alias log Op yes|no
This option causes various aliasing statistics and information to
.It nat help|?
This command gives a summary of available nat commands.
.It nat log yes|no
This option causes various NAT statistics and information to
be logged to the file
.Pa /var/log/alias.log .
.It alias port Ar proto Ar targetIP Ns Xo
This file name is likely to change in the near future.
.It nat port Ar proto Ar targetIP Ns Xo
.No : Ns Ar targetPort Ns
.Oo
.No - Ns Ar targetPort
@ -2867,10 +2897,10 @@ or a range of ports the same size as the other ranges.
This option is useful if you wish to run things like Internet phone on
machines behind your gateway, but is limited in that connections to only
one interior machine per source machine and target port are possible.
.It alias pptp Op Ar addr
.It nat pptp Op Ar addr
This tells
.Nm
to alias any
to translate any
.Em G Ns No eneral
.Em R Ns No outing
.Em E Ns No encapsulated
@ -2889,8 +2919,8 @@ If
.Ar addr
is not specified,
.Dv PPTP
aliasing is disabled.
.It "alias proxy cmd" Ar arg Ns No ...
address translation is disabled.
.It "nat proxy cmd" Ar arg Ns No ...
This command tells
.Nm
to proxy certain connections, redirecting them to a given server. Refer
@ -2899,16 +2929,16 @@ to the description of
in
.Xr libalias 3
for details of the available commands.
.It alias same_ports Op yes|no
When enabled, this command will tell the alias library attempt to
avoid changing the port number on outgoing packets. This is useful
.It nat same_ports yes|no
When enabled, this command will tell the network address translation engine to
attempt to avoid changing the port number on outgoing packets. This is useful
if you want to support protocols such as RPC and LPD which require
connections to come from a well known port.
.It alias use_sockets Op yes|no
When enabled, this option tells the alias library to create a
socket so that it can guarantee a correct incoming ftp data or
.It nat use_sockets yes|no
When enabled, this option tells the network address translation engine to
create a socket so that it can guarantee a correct incoming ftp data or
IRC connection.
.It alias unregistered_only Op yes|no
.It nat unregistered_only yes|no
Only alter outgoing packets with an unregistered source ad-
dress. According to RFC 1918, unregistered source addresses
are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
@ -3905,8 +3935,8 @@ into the machine and the
filter specifies packets that are allowed out of the machine.
.Pp
Filtering is done prior to any IP alterations that might be done by the
alias engine on outgoing packets and after any IP alterations that might
be done by the alias engine on incoming packets. By default all filter
NAT engine on outgoing packets and after any IP alterations that might
be done by the NAT engine on incoming packets. By default all filter
sets allow all packets to pass. Rules are processed in order according to
.Ar rule-no
(unless skipped by specifying a rule number as the
@ -4104,7 +4134,7 @@ or
.Pp
Note: If you issue the command
.Dq set mode auto ,
and have IP aliasing enabled, it may be useful to
and have network address translation enabled, it may be useful to
.Dq enable iface-alias
afterwards. This will allow
.Nm
@ -4579,7 +4609,7 @@ Read the example configuration files. They are a good source of information.
.It
Use
.Dq help ,
.Dq alias ? ,
.Dq nat ? ,
.Dq enable ? ,
.Dq set ?
and


@ -1,4 +1,4 @@
.\" $Id: ppp.8,v 1.189 1999/08/17 17:22:46 brian Exp $
.\" $Id: ppp.8,v 1.190 1999/08/18 15:35:54 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Os FreeBSD
@ -8,7 +8,8 @@
.Nd Point to Point Protocol (a.k.a. user-ppp)
.Sh SYNOPSIS
.Nm
.Op Fl alias
.Op Fl nat
.Op Fl quiet
.Op Fl Va mode
.Op Ar system Ns
.No ...
@ -26,18 +27,27 @@ is done as a user process with the help of the
tunnel device driver (tun).
.Pp
The
.Fl nat
flag (or
.Fl alias
flag does the equivalent of an
.Dq alias enable yes ,
flag for backwards compatability) does the equivalent of a
.Dq nat enable yes ,
enabling
.Nm ppp Ns No s
packet aliasing features. This allows
network address translation features. This allows
.Nm ppp
to act as a NAT or masquerading engine for all machines on an internal
LAN. Refer to
.Xr libalias 3
for details.
.Pp
The
.Fl quiet
flag tells
.Nm
to be silent at startup rather than displaying the mode and interface
to standard output.
.Pp
The following
.Va mode Ns No s
are understood by
@ -81,6 +91,14 @@ goes into the background and the parent process returns an exit code
of 0. If it fails,
.Nm
exits with a non-zero result.
.It Fl foreground
In foreground mode,
.Nm
attempts to establish a connection with the peer immediately, but never
becomes a daemon. The link is created in background mode. This is useful
if you wish to control
.Nm ppp Ns No s
invocation from another process.
.It Fl direct
This is used for receiving incoming connections.
.Nm
@ -1327,10 +1345,12 @@ from "tcp" to "udp". When using UDP as a transport,
will operate in synchronous mode. This is another gain as the incoming
data does not have to be rearranged into packets.
.Pp
.Sh PACKET ALIASING
.Sh NETWORK ADDRESS TRANSLATION (PACKET ALIASING)
The
.Fl alias
command line option enables packet aliasing. This allows the
.Fl nat
.Pq \&or Fl alias
command line option enables network address translation (a.k.a. packet
aliasing). This allows the
.Nm
host to act as a masquerading gateway for other computers over
a local area network. Outgoing IP packets are aliased so that
@ -1343,9 +1363,9 @@ subnets to have Internet access, although they are invisible
from the outside world.
In general, correct
.Nm
operation should first be verified with packet aliasing disabled.
operation should first be verified with network address translation disabled.
Then, the
.Fl alias
.Fl nat
option should be switched on, and network applications (web browser,
.Xr telnet 1 ,
.Xr ftp 1 ,
@ -2637,24 +2657,24 @@ not to make any utmp or wtmp entries. This is usually only necessary if
you require the user to both login and authenticate themselves.
.It iface-alias
Default: Enabled if
.Fl alias
.Fl nat
is specified. This option simply tells
.Nm
to add new interface addresses to the interface rather than replacing them.
The option can only be enabled if IP aliasing is enabled
.Pq Dq alias enable yes .
The option can only be enabled if network address translation is enabled
.Pq Dq nat enable yes .
.Pp
With this option enabled,
.Nm
will pass traffic for old interface addresses through the IP alias engine
will pass traffic for old interface addresses through the NAT engine
.Pq see Xr libalias 5 ,
resulting in the ability (in
.Fl auto
mode) to properly connect the process that caused the PPP link to
come up in the first place.
.Pp
Disabling IP aliasing with
.Dq alias enable no
Disabling NAT with
.Dq nat enable no
will also disable
.Sq iface-alias .
.El
@ -2796,36 +2816,46 @@ When running in multi-link mode, a section can be loaded if it allows
of the currently existing line modes.
.El
.Pp
.It alias Ar command Op Ar args
This command allows the control of the aliasing (or masquerading)
facilities that are built into
.It nat Ar command Op Ar args
This command allows the control of the network address translation (also
known as masquerading or IP aliasing) facilities that are built into
.Nm ppp .
If aliasing is enabled on your system (it may be omitted at compile time),
NAT is done on the external interface only, and is unlikely to make sense
if used with the
.Fl direct
flag.
.Pp
For backwards compatibility, the word
.Dq alias
may be used in place of
.Dq nat .
If nat is enabled on your system (it may be omitted at compile time),
the following commands are possible:
.Bl -tag -width XX
.It alias enable Op yes|no
This command either switches aliasing on or turns it off.
.It nat enable yes|no
This command either switches network address translation on or turns it off.
The
.Fl alias
.Fl nat
command line flag is synonymous with
.Dq alias enable yes .
.It alias addr Op Ar addr_local addr_alias
.Dq nat enable yes .
.It nat addr Op Ar addr_local addr_alias
This command allows data for
.Ar addr_alias
to be redirected to
.Ar addr_local .
It is useful if you own a small number of real IP numbers that
you wish to map to specific machines behind your gateway.
.It alias deny_incoming Op yes|no
.It nat deny_incoming yes|no
If set to yes, this command will refuse all incoming connections
by dropping the packets in much the same way as a firewall would.
.It alias help|?
This command gives a summary of available alias commands.
.It alias log Op yes|no
This option causes various aliasing statistics and information to
.It nat help|?
This command gives a summary of available nat commands.
.It nat log yes|no
This option causes various NAT statistics and information to
be logged to the file
.Pa /var/log/alias.log .
.It alias port Ar proto Ar targetIP Ns Xo
This file name is likely to change in the near future.
.It nat port Ar proto Ar targetIP Ns Xo
.No : Ns Ar targetPort Ns
.Oo
.No - Ns Ar targetPort
@ -2867,10 +2897,10 @@ or a range of ports the same size as the other ranges.
This option is useful if you wish to run things like Internet phone on
machines behind your gateway, but is limited in that connections to only
one interior machine per source machine and target port are possible.
.It alias pptp Op Ar addr
.It nat pptp Op Ar addr
This tells
.Nm
to alias any
to translate any
.Em G Ns No eneral
.Em R Ns No outing
.Em E Ns No encapsulated
@ -2889,8 +2919,8 @@ If
.Ar addr
is not specified,
.Dv PPTP
aliasing is disabled.
.It "alias proxy cmd" Ar arg Ns No ...
address translation is disabled.
.It "nat proxy cmd" Ar arg Ns No ...
This command tells
.Nm
to proxy certain connections, redirecting them to a given server. Refer
@ -2899,16 +2929,16 @@ to the description of
in
.Xr libalias 3
for details of the available commands.
.It alias same_ports Op yes|no
When enabled, this command will tell the alias library attempt to
avoid changing the port number on outgoing packets. This is useful
.It nat same_ports yes|no
When enabled, this command will tell the network address translation engine to
attempt to avoid changing the port number on outgoing packets. This is useful
if you want to support protocols such as RPC and LPD which require
connections to come from a well known port.
.It alias use_sockets Op yes|no
When enabled, this option tells the alias library to create a
socket so that it can guarantee a correct incoming ftp data or
.It nat use_sockets yes|no
When enabled, this option tells the network address translation engine to
create a socket so that it can guarantee a correct incoming ftp data or
IRC connection.
.It alias unregistered_only Op yes|no
.It nat unregistered_only yes|no
Only alter outgoing packets with an unregistered source ad-
dress. According to RFC 1918, unregistered source addresses
are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
@ -3905,8 +3935,8 @@ into the machine and the
filter specifies packets that are allowed out of the machine.
.Pp
Filtering is done prior to any IP alterations that might be done by the
alias engine on outgoing packets and after any IP alterations that might
be done by the alias engine on incoming packets. By default all filter
NAT engine on outgoing packets and after any IP alterations that might
be done by the NAT engine on incoming packets. By default all filter
sets allow all packets to pass. Rules are processed in order according to
.Ar rule-no
(unless skipped by specifying a rule number as the
@ -4104,7 +4134,7 @@ or
.Pp
Note: If you issue the command
.Dq set mode auto ,
and have IP aliasing enabled, it may be useful to
and have network address translation enabled, it may be useful to
.Dq enable iface-alias
afterwards. This will allow
.Nm
@ -4579,7 +4609,7 @@ Read the example configuration files. They are a good source of information.
.It
Use
.Dq help ,
.Dq alias ? ,
.Dq nat ? ,
.Dq enable ? ,
.Dq set ?
and