-rw-r--r-- | lib/libalias/Makefile | 2 | ||||
-rw-r--r-- | lib/libalias/alias.c | 6 | ||||
-rw-r--r-- | lib/libalias/alias.h | 1 | ||||
-rw-r--r-- | lib/libalias/alias_db.c | 8 | ||||
-rw-r--r-- | lib/libalias/alias_local.h | 4 | ||||
-rw-r--r-- | lib/libalias/libalias.3 | 10 | ||||
-rw-r--r-- | sbin/natd/natd.8 | 8 | ||||
-rw-r--r-- | sbin/natd/natd.c | 25 | ||||
-rw-r--r-- | sys/netinet/libalias/Makefile | 2 | ||||
-rw-r--r-- | sys/netinet/libalias/alias.c | 6 | ||||
-rw-r--r-- | sys/netinet/libalias/alias.h | 1 | ||||
-rw-r--r-- | sys/netinet/libalias/alias_db.c | 8 | ||||
-rw-r--r-- | sys/netinet/libalias/alias_local.h | 4 | ||||
-rw-r--r-- | sys/netinet/libalias/libalias.3 | 10 | ||||
-rw-r--r-- | usr.sbin/ppp/command.c | 2 | ||||
-rw-r--r-- | usr.sbin/ppp/nat_cmd.c | 23 | ||||
-rw-r--r-- | usr.sbin/ppp/nat_cmd.h | 1 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp.8.m4 | 8 |
18 files changed, 127 insertions, 2 deletions
diff --git a/lib/libalias/Makefile b/lib/libalias/Makefile index bf26f05..f262be1 100644 --- a/lib/libalias/Makefile +++ b/lib/libalias/Makefile @@ -5,7 +5,7 @@ SHLIBDIR?= /lib SHLIB_MAJOR= 4 MAN= libalias.3 SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ - alias_nbt.c alias_pptp.c alias_proxy.c alias_smedia.c \ + alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \ alias_util.c INCS= alias.h diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c index 54839ff..cf93a74 100644 --- a/lib/libalias/alias.c +++ b/lib/libalias/alias.c @@ -917,6 +917,9 @@ TcpAliasIn(struct ip *pip) if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) AliasHandlePptpIn(pip, link); + else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort + || ntohs(tc->th_sport) == skinnyPort)) + AliasHandleSkinny(pip, link); alias_address = GetAliasAddress(link); original_address = GetOriginalAddress(link); @@ -1098,6 +1101,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) AliasHandlePptpOut(pip, link); + else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort + || ntohs(tc->th_dport) == skinnyPort)) + AliasHandleSkinny(pip, link); /* Adjust TCP checksum since source port is being aliased */ /* and source address is being altered */ diff --git a/lib/libalias/alias.h b/lib/libalias/alias.h index eb35bf7..b0c75c9 100644 --- a/lib/libalias/alias.h +++ b/lib/libalias/alias.h @@ -45,6 +45,7 @@ void PacketAliasInit(void); void PacketAliasSetAddress(struct in_addr _addr); void PacketAliasSetFWBase(unsigned int _base, unsigned int _num); +void PacketAliasSetSkinnyPort(unsigned int _port); unsigned int PacketAliasSetMode(unsigned int _flags, unsigned int _mask); void PacketAliasUninit(void); diff --git a/lib/libalias/alias_db.c b/lib/libalias/alias_db.c index ec25070..e53e94d 100644 
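Review bot: The new `else if (skinnyPort != 0 && ...)` branches in TcpAliasIn and TcpAliasOut call `AliasHandleSkinny(pip, link)` whenever either TCP port equals `skinnyPort`, so any connection that merely happens to use that port number on one side also goes through the Skinny payload handler. The handler is given only `pip` and `link`, and TcpAliasOut's `maxpacketsize` is not passed on, so it presumably has to bound every payload read by the IP and TCP header lengths itself; alias_skinny.c is not shown on this page, so that cannot be confirmed here. I would add a comment above each branch, for example `/* Payload is untrusted: AliasHandleSkinny() must bound all reads by ip_len. */`. Both functions start and end outside their hunks, and the same two hunks recur in sys/netinet/libalias/alias.c.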
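Review bot: The prototype added to alias.h is `PacketAliasSetSkinnyPort`, but the libalias.3 hunk in this commit documents the function as `.Fn PacketAliasSkinnyPort "unsigned int port"`, a name the header does not declare. The manual line should read `.Fn PacketAliasSetSkinnyPort "unsigned int port"`, and the sys/netinet/libalias copies carry the same mismatch. A short comment on the prototype would also help callers: `/* _port == 0 (the default) disables Skinny aliasing. */`.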
--- a/lib/libalias/alias_db.c +++ b/lib/libalias/alias_db.c @@ -398,6 +398,9 @@ static int fireWallFD = -1; /* File descriptor to be able to */ /* flag. */ #endif +unsigned int skinnyPort = 0; /* TCP port used by the Skinny */ + /* protocol. */ + @@ -2948,3 +2951,8 @@ PacketAliasSetFWBase(unsigned int base, unsigned int num) { fireWallNumNums = num; #endif } + +void +PacketAliasSetSkinnyPort(unsigned int port) { + skinnyPort = port; +} diff --git a/lib/libalias/alias_local.h b/lib/libalias/alias_local.h index 4428d2a..d207f9f 100644 --- a/lib/libalias/alias_local.h +++ b/lib/libalias/alias_local.h @@ -74,6 +74,7 @@ /* Globals */ extern int packetAliasMode; +extern unsigned int skinnyPort; /* Prototypes */ @@ -212,6 +213,9 @@ int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link, void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link); void AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr); +/* Skinny routines */ +void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link); + /* Transparent proxy routines */ int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr, u_short *_proxy_server_port); diff --git a/lib/libalias/libalias.3 b/lib/libalias/libalias.3 index a75cd2b..e5ef09e 100644 --- a/lib/libalias/libalias.3 +++ b/lib/libalias/libalias.3 @@ -265,6 +265,16 @@ Set firewall range allocated for punching firewall holes (with the flag). The range will be cleared for all rules on initialization. .Ed +.Pp +.Ft void +.Fn PacketAliasSkinnyPort "unsigned int port" +.Bd -ragged -offset indent +Set the TCP port used by the Skinny Station protocol. +Skinny is used by Cisco IP phones to communicate with +Cisco Call Managers to set up voice over IP calls. +If this is not set, Skinny aliasing will not be done. +The typical port used by Skinny is 2000. +.Ed .Sh PACKET HANDLING The packet handling functions are used to modify incoming (remote to local) and outgoing (local to remote) packets. 
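Review bot: `PacketAliasSetSkinnyPort` stores any `unsigned int` in `skinnyPort`, but the checks in alias.c compare it with `ntohs()` of 16-bit port fields, so a value above 65535 can never match and Skinny aliasing stays off without any indication. Neither caller in this commit bounds the value: `SetupSkinnyPort` in natd.c passes on whatever `sscanf("%u")` produced, and `nat_SkinnyPort` in ppp rejects only `port < 0`. Since the setter returns void, the smallest guard is in the setter itself, `skinnyPort = (port <= 65535) ? port : 0;`, with the callers reporting the range error to the user. The same hunk is repeated in sys/netinet/libalias/alias_db.c.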
diff --git a/sbin/natd/natd.8 b/sbin/natd/natd.8 index 92a2656..d8c7bf8 100644 --- a/sbin/natd/natd.8 +++ b/sbin/natd/natd.8 @@ -31,6 +31,7 @@ .Op Fl log_denied .Op Fl log_facility Ar facility_name .Op Fl punch_fw Ar firewall_range +.Op Fl skinny_port Ar port .Op Fl log_ipfw_denied .Op Fl pid_file | P Ar pidfile .Ek @@ -483,6 +484,13 @@ rules starting from the rule number .Ar basenumber will be used for punching firewall holes. The range will be cleared for all rules on startup. +.It Fl skinny_port Ar port +This option allows you to specify the TCP port used for +the Skinny Station protocol. +Skinny is used by Cisco IP phones to communicate with +Cisco Call Managers to set up voice over IP calls. +By default, Skinny aliasing is not performed. +The typical port value for Skinny is 2000. .It Fl log_ipfw_denied Log when a packet cannot be re-injected because an .Xr ipfw 8 diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c index ec123f7..f8ba6a6 100644 --- a/sbin/natd/natd.c +++ b/sbin/natd/natd.c @@ -99,6 +99,7 @@ static int StrToProto (const char* str); static int StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto, port_range *portRange); static void ParseArgs (int argc, char** argv); static void SetupPunchFW(const char *strValue); +static void SetupSkinnyPort(const char *strValue); /* * Globals. @@ -838,6 +839,7 @@ enum Option { LogDenied, LogFacility, PunchFW, + SkinnyPort, LogIpfwDenied, PidFile }; @@ -1059,6 +1061,14 @@ static struct OptionInfo optionTable[] = { "punch_fw", NULL }, + { SkinnyPort, + 0, + String, + "port", + "set the TCP port for use with the Skinny Station protocol", + "skinny_port", + NULL }, + { LogIpfwDenied, 0, YesNo, @@ -1258,6 +1268,10 @@ static void ParseOption (const char* option, const char* parms) SetupPunchFW(strValue); break; + case SkinnyPort: + SetupSkinnyPort(strValue); + break; + case LogIpfwDenied: logIpfwDenied = yesNoValue;; break; 
@@ -1705,3 +1719,14 @@ SetupPunchFW(const char *strValue) PacketAliasSetFWBase(base, num); (void)PacketAliasSetMode(PKT_ALIAS_PUNCH_FW, PKT_ALIAS_PUNCH_FW); } + +static void +SetupSkinnyPort(const char *strValue) +{ + unsigned int port; + + if (sscanf(strValue, "%u", &port) != 1) + errx(1, "skinny_port: port parameter required"); + + PacketAliasSetSkinnyPort(port); +} diff --git a/sys/netinet/libalias/Makefile b/sys/netinet/libalias/Makefile index bf26f05..f262be1 100644 --- a/sys/netinet/libalias/Makefile +++ b/sys/netinet/libalias/Makefile @@ -5,7 +5,7 @@ SHLIBDIR?= /lib SHLIB_MAJOR= 4 MAN= libalias.3 SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ - alias_nbt.c alias_pptp.c alias_proxy.c alias_smedia.c \ + alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \ alias_util.c INCS= alias.h diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c index 54839ff..cf93a74 100644 --- a/sys/netinet/libalias/alias.c +++ b/sys/netinet/libalias/alias.c @@ -917,6 +917,9 @@ TcpAliasIn(struct ip *pip) if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) AliasHandlePptpIn(pip, link); + else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort + || ntohs(tc->th_sport) == skinnyPort)) + AliasHandleSkinny(pip, link); alias_address = GetAliasAddress(link); original_address = GetOriginalAddress(link); @@ -1098,6 +1101,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) AliasHandlePptpOut(pip, link); + else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort + || ntohs(tc->th_dport) == skinnyPort)) + AliasHandleSkinny(pip, link); /* Adjust TCP checksum since source port is being aliased */ /* and source address is being altered */ diff --git a/sys/netinet/libalias/alias.h b/sys/netinet/libalias/alias.h index eb35bf7..b0c75c9 100644 --- a/sys/netinet/libalias/alias.h 
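Review bot: `sscanf(strValue, "%u", &port)` in SetupSkinnyPort accepts input with trailing characters such as `2000x` and, because `%u` takes an optionally signed number, converts `-1` to a large unsigned value, so a mistyped `skinny_port` is taken without complaint. Parsing with `strtoul`, checking the end pointer and rejecting anything above 65535 makes a bad configuration fail at startup; 0 is still accepted and leaves aliasing disabled as before. The message `port parameter required` is also misleading for these cases, so the sketch below reports an invalid port instead.

```c
static void
SetupSkinnyPort(const char *strValue)
{
	char *end;
	unsigned long port;

	/* strtoul() accepts a sign and leading blanks; require a digit first. */
	if (strValue[0] < '0' || strValue[0] > '9')
		errx(1, "skinny_port: invalid port '%s'", strValue);

	errno = 0;
	port = strtoul(strValue, &end, 10);
	if (errno != 0 || *end != '\0' || port > 65535)
		errx(1, "skinny_port: invalid port '%s'", strValue);

	PacketAliasSetSkinnyPort((unsigned int)port);
}
```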
+++ b/sys/netinet/libalias/alias.h @@ -45,6 +45,7 @@ void PacketAliasInit(void); void PacketAliasSetAddress(struct in_addr _addr); void PacketAliasSetFWBase(unsigned int _base, unsigned int _num); +void PacketAliasSetSkinnyPort(unsigned int _port); unsigned int PacketAliasSetMode(unsigned int _flags, unsigned int _mask); void PacketAliasUninit(void); diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index ec25070..e53e94d 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -398,6 +398,9 @@ static int fireWallFD = -1; /* File descriptor to be able to */ /* flag. */ #endif +unsigned int skinnyPort = 0; /* TCP port used by the Skinny */ + /* protocol. */ + @@ -2948,3 +2951,8 @@ PacketAliasSetFWBase(unsigned int base, unsigned int num) { fireWallNumNums = num; #endif } + +void +PacketAliasSetSkinnyPort(unsigned int port) { + skinnyPort = port; +} diff --git a/sys/netinet/libalias/alias_local.h b/sys/netinet/libalias/alias_local.h index 4428d2a..d207f9f 100644 --- a/sys/netinet/libalias/alias_local.h +++ b/sys/netinet/libalias/alias_local.h @@ -74,6 +74,7 @@ /* Globals */ extern int packetAliasMode; +extern unsigned int skinnyPort; /* Prototypes */ @@ -212,6 +213,9 @@ int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link, void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link); void AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr); +/* Skinny routines */ +void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link); + /* Transparent proxy routines */ int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr, u_short *_proxy_server_port); diff --git a/sys/netinet/libalias/libalias.3 b/sys/netinet/libalias/libalias.3 index a75cd2b..e5ef09e 100644 --- a/sys/netinet/libalias/libalias.3 +++ b/sys/netinet/libalias/libalias.3 
@@ -265,6 +265,16 @@ Set firewall range allocated for punching firewall holes (with the flag). The range will be cleared for all rules on initialization. .Ed +.Pp +.Ft void +.Fn PacketAliasSkinnyPort "unsigned int port" +.Bd -ragged -offset indent +Set the TCP port used by the Skinny Station protocol. +Skinny is used by Cisco IP phones to communicate with +Cisco Call Managers to set up voice over IP calls. +If this is not set, Skinny aliasing will not be done. +The typical port used by Skinny is 2000. +.Ed .Sh PACKET HANDLING The packet handling functions are used to modify incoming (remote to local) and outgoing (local to remote) packets. diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index d05471c..635b197 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -773,6 +773,8 @@ static struct cmdtab const NatCommands[] = {"punch_fw", NULL, nat_PunchFW, LOCAL_AUTH, "firewall control", "nat punch_fw [base count]"}, #endif + {"skinny_port", NULL, nat_SkinnyPort, LOCAL_AUTH, + "TCP port used by Skinny Station protocol", "nat skinny_port [port]"}, {"same_ports", NULL, NatOption, LOCAL_AUTH, "try to leave port numbers unchanged", "nat same_ports yes|no", (const void *) PKT_ALIAS_SAME_PORTS}, diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c index deb9932..8172fd6 100644 --- a/usr.sbin/ppp/nat_cmd.c +++ b/usr.sbin/ppp/nat_cmd.c @@ -470,6 +470,29 @@ nat_PunchFW(struct cmdargs const *arg) } #endif +int +nat_SkinnyPort(struct cmdargs const *arg) +{ + char *end; + long port; + + if (arg->argc == arg->argn) { + PacketAliasSetSkinnyPort(0); + return 0; + } + + if (arg->argc != arg->argn + 1) + return -1; + + port = strtol(arg->argv[arg->argn], &end, 10); + if (*end != '\0' || port < 0) + return -1; + + PacketAliasSetSkinnyPort(port); + + return 0; +} + static struct mbuf * nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp, int pri, u_short *proto) 
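Review bot: In nat_SkinnyPort the test `*end != '\0' || port < 0` lets an empty argument through, because `strtol` then returns 0 with `end` still pointing at the start of the string, so `nat skinny_port ""` quietly disables Skinny aliasing instead of returning -1. Checking that at least one digit was consumed closes this: `if (end == arg->argv[arg->argn] || *end != '\0' || port < 0)`. A one-line comment above the `arg->argc == arg->argn` branch, `/* No argument: disable Skinny aliasing. */`, would make the intended way to turn the feature off explicit.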
diff --git a/usr.sbin/ppp/nat_cmd.h b/usr.sbin/ppp/nat_cmd.h index c70afb0..f4c3655 100644 --- a/usr.sbin/ppp/nat_cmd.h +++ b/usr.sbin/ppp/nat_cmd.h @@ -37,5 +37,6 @@ extern int nat_SetTarget(struct cmdargs const *); #ifndef NO_FW_PUNCH extern int nat_PunchFW(struct cmdargs const *); #endif +extern int nat_SkinnyPort(struct cmdargs const *); extern struct layer natlayer; diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index e58b4a4..a3de3bf 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -3470,6 +3470,14 @@ The range will be cleared when the command is run. .Pp If no arguments are given, firewall punching is disabled. +.It nat skinny_port Op Ar port +This command tells +.Nm +which TCP port is used by the Skinny Station protocol. Skinny is used by +Cisco IP phones to communicate with Cisco Call Managers to setup voice +over IP calls. The typical port used by Skinny is 2000. +.Pp +If no argument is given, skinny aliasing is disabled. .It nat same_ports yes|no When enabled, this command will tell the network address translation engine to attempt to avoid changing the port number on outgoing packets. |