authormarcus <marcus@FreeBSD.org>2003-09-23 07:41:55 +0000
committermarcus <marcus@FreeBSD.org>2003-09-23 07:41:55 +0000
commite19a1e64d248ad6f10230273b0afcd49b570e0ba (patch)
treedcae4425b97cd670a26f1074a999df062d47d4e1
parent1adbd0035e01b5e125de7222da250f6c0cb4634a (diff)
Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call Managers. With this code, one can use a Cisco IP phone behind a FreeBSD NAT gateway. Currently, having the Call Manager behind the NAT gateway is not supported. More information on enabling Skinny support in libalias, natd, and ppp can be found in those applications' manpages. PR: 55843 Reviewed by: ru Approved by: ru MFC after: 30 days
-rw-r--r--lib/libalias/Makefile2
-rw-r--r--lib/libalias/alias.c6
-rw-r--r--lib/libalias/alias.h1
-rw-r--r--lib/libalias/alias_db.c8
-rw-r--r--lib/libalias/alias_local.h4
-rw-r--r--lib/libalias/libalias.310
-rw-r--r--sbin/natd/natd.88
-rw-r--r--sbin/natd/natd.c25
-rw-r--r--sys/netinet/libalias/Makefile2
-rw-r--r--sys/netinet/libalias/alias.c6
-rw-r--r--sys/netinet/libalias/alias.h1
-rw-r--r--sys/netinet/libalias/alias_db.c8
-rw-r--r--sys/netinet/libalias/alias_local.h4
-rw-r--r--sys/netinet/libalias/libalias.310
-rw-r--r--usr.sbin/ppp/command.c2
-rw-r--r--usr.sbin/ppp/nat_cmd.c23
-rw-r--r--usr.sbin/ppp/nat_cmd.h1
-rw-r--r--usr.sbin/ppp/ppp.8.m48
18 files changed, 127 insertions, 2 deletions
diff --git a/lib/libalias/Makefile b/lib/libalias/Makefile
index bf26f05..f262be1 100644
--- a/lib/libalias/Makefile
+++ b/lib/libalias/Makefile
@@ -5,7 +5,7 @@ SHLIBDIR?= /lib
SHLIB_MAJOR= 4
MAN= libalias.3
SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
- alias_nbt.c alias_pptp.c alias_proxy.c alias_smedia.c \
+ alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \
alias_util.c
INCS= alias.h
diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c
index 54839ff..cf93a74 100644
--- a/lib/libalias/alias.c
+++ b/lib/libalias/alias.c
@@ -917,6 +917,9 @@ TcpAliasIn(struct ip *pip)
if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpIn(pip, link);
+ else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort
+ || ntohs(tc->th_sport) == skinnyPort))
+ AliasHandleSkinny(pip, link);
alias_address = GetAliasAddress(link);
original_address = GetOriginalAddress(link);
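Review bot: The new `else if` in TcpAliasIn passes a packet to `AliasHandleSkinny` when either its source or its destination port equals `skinnyPort`, so an unrelated TCP connection whose ephemeral port happens to equal the configured value is also parsed as Skinny. The handler therefore has to treat every payload as untrusted and check message lengths against the IP and TCP lengths before rewriting anything. `alias_skinny.c` is added to SRCS but is not among the 18 files in this diffstat, so that cannot be confirmed from this page. A comment above the branch such as `/* May match non-Skinny flows; AliasHandleSkinny must validate the payload. */` would record the assumption. The same applies to the TcpAliasOut hunk and to both hunks of sys/netinet/libalias/alias.c; both functions continue outside the hunks.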
@@ -1098,6 +1101,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpOut(pip, link);
+ else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort
+ || ntohs(tc->th_dport) == skinnyPort))
+ AliasHandleSkinny(pip, link);
/* Adjust TCP checksum since source port is being aliased */
/* and source address is being altered */
diff --git a/lib/libalias/alias.h b/lib/libalias/alias.h
index eb35bf7..b0c75c9 100644
--- a/lib/libalias/alias.h
+++ b/lib/libalias/alias.h
@@ -45,6 +45,7 @@
void PacketAliasInit(void);
void PacketAliasSetAddress(struct in_addr _addr);
void PacketAliasSetFWBase(unsigned int _base, unsigned int _num);
+void PacketAliasSetSkinnyPort(unsigned int _port);
unsigned int
PacketAliasSetMode(unsigned int _flags, unsigned int _mask);
void PacketAliasUninit(void);
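Review bot: The prototype added here is `PacketAliasSetSkinnyPort`, but the libalias.3 hunk in this commit documents the function as `.Fn PacketAliasSkinnyPort "unsigned int port"`, without the `Set`. A caller following the manual page would get an undefined symbol, so the manual line should read `.Fn PacketAliasSetSkinnyPort "unsigned int port"`. The prototype would also benefit from a short comment that 0 disables Skinny aliasing, which is what the `skinnyPort != 0` test in alias.c implements. The same mismatch exists in the sys/netinet/libalias copies of alias.h and libalias.3.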
diff --git a/lib/libalias/alias_db.c b/lib/libalias/alias_db.c
index ec25070..e53e94d 100644
--- a/lib/libalias/alias_db.c
+++ b/lib/libalias/alias_db.c
@@ -398,6 +398,9 @@ static int fireWallFD = -1; /* File descriptor to be able to */
/* flag. */
#endif
+unsigned int skinnyPort = 0; /* TCP port used by the Skinny */
+ /* protocol. */
+
@@ -2948,3 +2951,8 @@ PacketAliasSetFWBase(unsigned int base, unsigned int num) {
fireWallNumNums = num;
#endif
}
+
+void
+PacketAliasSetSkinnyPort(unsigned int port) {
+ skinnyPort = port;
+}
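Review bot: `PacketAliasSetSkinnyPort` stores any `unsigned int` without a range check, yet alias.c only ever compares the value with `ntohs()` results, so a port above 65535 can never match and Skinny aliasing is silently inactive. Normalising in the setter, for example `skinnyPort = (port <= 0xffff) ? port : 0;`, would give natd, ppp and other library users the same behaviour regardless of how each front end parses its argument. A one-line comment on the function stating that 0 disables the feature would also help. The same applies to sys/netinet/libalias/alias_db.c.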
diff --git a/lib/libalias/alias_local.h b/lib/libalias/alias_local.h
index 4428d2a..d207f9f 100644
--- a/lib/libalias/alias_local.h
+++ b/lib/libalias/alias_local.h
@@ -74,6 +74,7 @@
/* Globals */
extern int packetAliasMode;
+extern unsigned int skinnyPort;
/* Prototypes */
@@ -212,6 +213,9 @@ int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link,
void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link);
void AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr);
+/* Skinny routines */
+void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link);
+
/* Transparent proxy routines */
int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr,
u_short *_proxy_server_port);
diff --git a/lib/libalias/libalias.3 b/lib/libalias/libalias.3
index a75cd2b..e5ef09e 100644
--- a/lib/libalias/libalias.3
+++ b/lib/libalias/libalias.3
@@ -265,6 +265,16 @@ Set firewall range allocated for punching firewall holes (with the
flag).
The range will be cleared for all rules on initialization.
.Ed
+.Pp
+.Ft void
+.Fn PacketAliasSkinnyPort "unsigned int port"
+.Bd -ragged -offset indent
+Set the TCP port used by the Skinny Station protocol.
+Skinny is used by Cisco IP phones to communicate with
+Cisco Call Managers to set up voice over IP calls.
+If this is not set, Skinny aliasing will not be done.
+The typical port used by Skinny is 2000.
+.Ed
.Sh PACKET HANDLING
The packet handling functions are used to modify incoming (remote to local)
and outgoing (local to remote) packets.
diff --git a/sbin/natd/natd.8 b/sbin/natd/natd.8
index 92a2656..d8c7bf8 100644
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@@ -31,6 +31,7 @@
.Op Fl log_denied
.Op Fl log_facility Ar facility_name
.Op Fl punch_fw Ar firewall_range
+.Op Fl skinny_port Ar port
.Op Fl log_ipfw_denied
.Op Fl pid_file | P Ar pidfile
.Ek
@@ -483,6 +484,13 @@ rules starting from the rule number
.Ar basenumber
will be used for punching firewall holes.
The range will be cleared for all rules on startup.
+.It Fl skinny_port Ar port
+This option allows you to specify the TCP port used for
+the Skinny Station protocol.
+Skinny is used by Cisco IP phones to communicate with
+Cisco Call Managers to set up voice over IP calls.
+By default, Skinny aliasing is not performed.
+The typical port value for Skinny is 2000.
.It Fl log_ipfw_denied
Log when a packet cannot be re-injected because an
.Xr ipfw 8
diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c
index ec123f7..f8ba6a6 100644
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@@ -99,6 +99,7 @@ static int StrToProto (const char* str);
static int StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto, port_range *portRange);
static void ParseArgs (int argc, char** argv);
static void SetupPunchFW(const char *strValue);
+static void SetupSkinnyPort(const char *strValue);
/*
* Globals.
@@ -838,6 +839,7 @@ enum Option {
LogDenied,
LogFacility,
PunchFW,
+ SkinnyPort,
LogIpfwDenied,
PidFile
};
@@ -1059,6 +1061,14 @@ static struct OptionInfo optionTable[] = {
"punch_fw",
NULL },
+ { SkinnyPort,
+ 0,
+ String,
+ "port",
+ "set the TCP port for use with the Skinny Station protocol",
+ "skinny_port",
+ NULL },
+
{ LogIpfwDenied,
0,
YesNo,
@@ -1258,6 +1268,10 @@ static void ParseOption (const char* option, const char* parms)
SetupPunchFW(strValue);
break;
+ case SkinnyPort:
+ SetupSkinnyPort(strValue);
+ break;
+
case LogIpfwDenied:
logIpfwDenied = yesNoValue;;
break;
@@ -1705,3 +1719,14 @@ SetupPunchFW(const char *strValue)
PacketAliasSetFWBase(base, num);
(void)PacketAliasSetMode(PKT_ALIAS_PUNCH_FW, PKT_ALIAS_PUNCH_FW);
}
+
+static void
+SetupSkinnyPort(const char *strValue)
+{
+ unsigned int port;
+
+ if (sscanf(strValue, "%u", &port) != 1)
+ errx(1, "skinny_port: port parameter required");
+
+ PacketAliasSetSkinnyPort(port);
+}
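Review bot: `SetupSkinnyPort` parses the option with `sscanf(strValue, "%u", &port)`, which accepts trailing garbage such as `2000abc`, typically wraps a negative input like `-1` to a huge unsigned value, and applies no upper bound of 65535. Because the library setter visible in alias_db.c stores whatever it is given, a mistyped value leaves Skinny aliasing silently inactive rather than producing an error at startup. Parsing with `strtoul`, requiring the whole string to be consumed and rejecting values above 65535 closes these gaps. The error text should then describe the accepted range.

```c
static void
SetupSkinnyPort(const char *strValue)
{
	char *end;
	unsigned long port;

	port = strtoul(strValue, &end, 10);
	if (end == strValue || *end != '\0' || port > 65535)
		errx(1, "skinny_port: port must be a number from 0 to 65535");

	PacketAliasSetSkinnyPort((unsigned int)port);
}
```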
diff --git a/sys/netinet/libalias/Makefile b/sys/netinet/libalias/Makefile
index bf26f05..f262be1 100644
--- a/sys/netinet/libalias/Makefile
+++ b/sys/netinet/libalias/Makefile
@@ -5,7 +5,7 @@ SHLIBDIR?= /lib
SHLIB_MAJOR= 4
MAN= libalias.3
SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
- alias_nbt.c alias_pptp.c alias_proxy.c alias_smedia.c \
+ alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \
alias_util.c
INCS= alias.h
diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
index 54839ff..cf93a74 100644
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -917,6 +917,9 @@ TcpAliasIn(struct ip *pip)
if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpIn(pip, link);
+ else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort
+ || ntohs(tc->th_sport) == skinnyPort))
+ AliasHandleSkinny(pip, link);
alias_address = GetAliasAddress(link);
original_address = GetOriginalAddress(link);
@@ -1098,6 +1101,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpOut(pip, link);
+ else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort
+ || ntohs(tc->th_dport) == skinnyPort))
+ AliasHandleSkinny(pip, link);
/* Adjust TCP checksum since source port is being aliased */
/* and source address is being altered */
diff --git a/sys/netinet/libalias/alias.h b/sys/netinet/libalias/alias.h
index eb35bf7..b0c75c9 100644
--- a/sys/netinet/libalias/alias.h
+++ b/sys/netinet/libalias/alias.h
@@ -45,6 +45,7 @@
void PacketAliasInit(void);
void PacketAliasSetAddress(struct in_addr _addr);
void PacketAliasSetFWBase(unsigned int _base, unsigned int _num);
+void PacketAliasSetSkinnyPort(unsigned int _port);
unsigned int
PacketAliasSetMode(unsigned int _flags, unsigned int _mask);
void PacketAliasUninit(void);
diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c
index ec25070..e53e94d 100644
--- a/sys/netinet/libalias/alias_db.c
+++ b/sys/netinet/libalias/alias_db.c
@@ -398,6 +398,9 @@ static int fireWallFD = -1; /* File descriptor to be able to */
/* flag. */
#endif
+unsigned int skinnyPort = 0; /* TCP port used by the Skinny */
+ /* protocol. */
+
@@ -2948,3 +2951,8 @@ PacketAliasSetFWBase(unsigned int base, unsigned int num) {
fireWallNumNums = num;
#endif
}
+
+void
+PacketAliasSetSkinnyPort(unsigned int port) {
+ skinnyPort = port;
+}
diff --git a/sys/netinet/libalias/alias_local.h b/sys/netinet/libalias/alias_local.h
index 4428d2a..d207f9f 100644
--- a/sys/netinet/libalias/alias_local.h
+++ b/sys/netinet/libalias/alias_local.h
@@ -74,6 +74,7 @@
/* Globals */
extern int packetAliasMode;
+extern unsigned int skinnyPort;
/* Prototypes */
@@ -212,6 +213,9 @@ int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link,
void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link);
void AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr);
+/* Skinny routines */
+void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link);
+
/* Transparent proxy routines */
int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr,
u_short *_proxy_server_port);
diff --git a/sys/netinet/libalias/libalias.3 b/sys/netinet/libalias/libalias.3
index a75cd2b..e5ef09e 100644
--- a/sys/netinet/libalias/libalias.3
+++ b/sys/netinet/libalias/libalias.3
@@ -265,6 +265,16 @@ Set firewall range allocated for punching firewall holes (with the
flag).
The range will be cleared for all rules on initialization.
.Ed
+.Pp
+.Ft void
+.Fn PacketAliasSkinnyPort "unsigned int port"
+.Bd -ragged -offset indent
+Set the TCP port used by the Skinny Station protocol.
+Skinny is used by Cisco IP phones to communicate with
+Cisco Call Managers to set up voice over IP calls.
+If this is not set, Skinny aliasing will not be done.
+The typical port used by Skinny is 2000.
+.Ed
.Sh PACKET HANDLING
The packet handling functions are used to modify incoming (remote to local)
and outgoing (local to remote) packets.
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index d05471c..635b197 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -773,6 +773,8 @@ static struct cmdtab const NatCommands[] =
{"punch_fw", NULL, nat_PunchFW, LOCAL_AUTH,
"firewall control", "nat punch_fw [base count]"},
#endif
+ {"skinny_port", NULL, nat_SkinnyPort, LOCAL_AUTH,
+ "TCP port used by Skinny Station protocol", "nat skinny_port [port]"},
{"same_ports", NULL, NatOption, LOCAL_AUTH,
"try to leave port numbers unchanged", "nat same_ports yes|no",
(const void *) PKT_ALIAS_SAME_PORTS},
diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c
index deb9932..8172fd6 100644
--- a/usr.sbin/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/nat_cmd.c
@@ -470,6 +470,29 @@ nat_PunchFW(struct cmdargs const *arg)
}
#endif
+int
+nat_SkinnyPort(struct cmdargs const *arg)
+{
+ char *end;
+ long port;
+
+ if (arg->argc == arg->argn) {
+ PacketAliasSetSkinnyPort(0);
+ return 0;
+ }
+
+ if (arg->argc != arg->argn + 1)
+ return -1;
+
+ port = strtol(arg->argv[arg->argn], &end, 10);
+ if (*end != '\0' || port < 0)
+ return -1;
+
+ PacketAliasSetSkinnyPort(port);
+
+ return 0;
+}
+
static struct mbuf *
nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
int pri, u_short *proto)
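Review bot: The validation in `nat_SkinnyPort` (`*end != '\0' || port < 0`) has no upper bound and accepts an empty argument, because `strtol` on `""` leaves `end` at the start of the string and returns 0. A value above 65535 is passed on even though it can never equal an `ntohs()` result, and where `long` is wider than `unsigned int` a larger value is truncated by the implicit conversion in the `PacketAliasSetSkinnyPort(port)` call. The check should be `if (end == arg->argv[arg->argn] || *end != '\0' || port < 0 || port > 65535) return -1;`.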
diff --git a/usr.sbin/ppp/nat_cmd.h b/usr.sbin/ppp/nat_cmd.h
index c70afb0..f4c3655 100644
--- a/usr.sbin/ppp/nat_cmd.h
+++ b/usr.sbin/ppp/nat_cmd.h
@@ -37,5 +37,6 @@ extern int nat_SetTarget(struct cmdargs const *);
#ifndef NO_FW_PUNCH
extern int nat_PunchFW(struct cmdargs const *);
#endif
+extern int nat_SkinnyPort(struct cmdargs const *);
extern struct layer natlayer;
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index e58b4a4..a3de3bf 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -3470,6 +3470,14 @@ The range will be cleared when the
command is run.
.Pp
If no arguments are given, firewall punching is disabled.
+.It nat skinny_port Op Ar port
+This command tells
+.Nm
+which TCP port is used by the Skinny Station protocol. Skinny is used by
+Cisco IP phones to communicate with Cisco Call Managers to setup voice
+over IP calls. The typical port used by Skinny is 2000.
+.Pp
+If no argument is given, skinny aliasing is disabled.
.It nat same_ports yes|no
When enabled, this command will tell the network address translation engine to
attempt to avoid changing the port number on outgoing packets.