Diffstat (limited to 'sys/netinet/libalias/libalias.3')
-rw-r--r-- | sys/netinet/libalias/libalias.3 | 85 |
1 files changed, 75 insertions, 10 deletions
diff --git a/sys/netinet/libalias/libalias.3 b/sys/netinet/libalias/libalias.3
index 6186e19..42840af 100644
--- a/sys/netinet/libalias/libalias.3
+++ b/sys/netinet/libalias/libalias.3
@@ -227,6 +227,15 @@ Normal packet aliasing is not performed.
 See
 .Fn PacketAliasProxyRule
 below for details.
+.It Dv PKT_ALIAS_DENY_PPTP
+If this mode bit is set, all PPTP packets will be marked for being ignored
+(both
+.Fn PacketAliasIn
+and
+.Fn PacketAliasOut
+return
+.Dv PKT_ALIAS_IGNORED
+code).
 .El
 .Ed
 .Pp
@@ -362,9 +371,9 @@ by
 .Fn PacketAliasSetAddress
 is to be used.
 Even if
-.Nm PacketAliasSetAddress
+.Fn PacketAliasSetAddress
 is called to change the address after
-.Nm PacketAliasRedirectPort
+.Fn PacketAliasRedirectPort
 is called, a zero reference will track this change.
 .Pp
 If
@@ -577,22 +586,78 @@ internal machines that are not permitted certain types of internet access,
 or to restrict access to certain external machines.
 .Ed
 .Pp
+.Ft struct alias_link *
+.Fo PacketAliasRedirectPptp
+.Fa "struct in_addr local_addr"
+.Fa "struct in_addr remote_addr"
+.Fa "struct in_addr alias_addr"
+.Fc
+.Bd -ragged -offset indent
+This function specifies that any Point to Point Tunneling Protocol
+(PPTP) traffic from a given remote address to an alias address be
+redirected to a specified local address.
+Currently supported PPTP protocols include:
+.Pp
+.Bl -tag -width "IPPROTO_GRE" -compact
+.It IPPROTO_GRE
+Generic Routing Encapsulation (RFC 1702)
+.It IPPROTO_ESP
+IP Encapsulating Security Payload (RFC 1827)
+.It IPPROTO_AH
+IP Authentication Header (RFC 1826)
+.El
+.Pp
+If
+.Fa local_addr
+or
+.Fa alias_addr
+is zero, this indicates that the packet aliasing address as established
+by
+.Fn PacketAliasSetAddress
+is to be used.
+Even if
+.Fn PacketAliasSetAddress
+is called to change the address after
+.Fn PacketAliasRedirectPptp
+is called, a zero reference will track this change.
+.Pp
+If
+.Fa remote_addr
+is zero, this indicates to redirect PPTP packets from any remote address.
+Non-zero remote addresses can sometimes be useful for firewalling.
+.Pp
+If two calls to
+.Fn PacketAliasRedirectPptp
+overlap in their address specifications, then the most recent call
+will have precedence.
+.Pp
+This function returns a pointer which can subsequently be used by
+.Fn PacketAliasRedirectDelete .
+If
+.Dv NULL
+is returned, then the function call did not complete successfully.
+.Ed
+.Pp
 .Ft int
 .Fn PacketAliasPptp "struct in_addr addr"
 .Bd -ragged -offset indent
-This function causes any General Routing Encapsulation
-.Pq Dv IPPROTO_GRE
-packets to be aliased using
-.Ar addr
+This function causes any PPTP packets to be aliased using
+.Fa addr
 rather than the address set via
 .Fn PacketAliasSetAddress .
-This allows the uses of the Point to Point Tunneling Protocol (PPTP)
-on a machine on the internal network.
+This allows the uses of the PPTP on a single machine on the internal network.
 .Pp
 If the passed address is
 .Dv INADDR_NONE ,
-.Dv PPTP
-aliasing is disabled.
+then PPTP aliasing is disabled.
+.Pp
+.Bf -symbolic
+This function is made obsolete by
+.Fn PacketAliasRedirectPptp
+and
+.Dv PKT_ALIAS_DENY_PPTP
+mode bit, and is provided only for backward compatibility.
+.Ef
 .Ed
 .Sh FRAGMENT HANDLING
 The functions in this section are used to deal with incoming fragments. |