git: cb21fa3d0d26 - main - ppp: Enable support for EIM NAT

From: Tom Jones <thj_at_FreeBSD.org>
Date: Fri, 06 Dec 2024 09:23:38 UTC
The branch main has been updated by thj:

URL: https://cgit.FreeBSD.org/src/commit/?id=cb21fa3d0d2640a6f48a21c406cac9dd07681052

commit cb21fa3d0d2640a6f48a21c406cac9dd07681052
Author:     Damjan Jovanovic <damjan.jov@gmail.com>
AuthorDate: 2024-12-06 09:22:51 +0000
Commit:     Tom Jones <thj@FreeBSD.org>
CommitDate: 2024-12-06 09:22:51 +0000

    ppp: Enable support for EIM NAT
    
    Enable support for endpoint-independent mapping ("full cone NAT") via
    Libalias's UDP NAT.
    
    Reviewed by:    igoro, thj
    Differential Revision:  https://reviews.freebsd.org/D46689
---
 usr.sbin/ppp/command.c |  4 ++++
 usr.sbin/ppp/ppp.8     | 22 +++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index e94c18ae3fd2..4b4f0de8028c 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -793,6 +793,10 @@ static struct cmdtab const NatCommands[] =
   {"use_sockets", NULL, NatOption, LOCAL_AUTH,
    "allocate host sockets", "nat use_sockets yes|no",
    (const void *) PKT_ALIAS_USE_SOCKETS},
+  {"udp_eim", NULL, NatOption, LOCAL_AUTH,
+   "UDP uses endpoint-independent mapping (\"full cone\" NAT)",
+   "nat udp_eim yes|no",
+   (const void *) PKT_ALIAS_UDP_EIM},
   {"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
    "Display this message", "nat help|? [command]", NatCommands},
   {NULL, NULL, NULL, 0, NULL, NULL, NULL},
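Review bot: PKT_ALIAS_UDP_EIM is consumed in the new table entry but defined nowhere in this diff, so the build depends on libalias already exporting that flag from its header; the commit message should state that dependency (or name the libalias change it relies on) so this commit is not taken in isolation onto a tree where the symbol does not exist. Since NatOption makes this a plain yes|no toggle, the one-line help string is the only thing a user sees at the prompt, and it omits the consequence spelled out in the manual page hunk below: with deny_incoming disabled, any external address:port may then reach the mapped internal port. Consider echoing that in the description, e.g. "UDP uses endpoint-independent mapping (\"full cone\" NAT, allows unsolicited inbound)".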
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 9242a9c337a0..33bdc69f45a3 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 18, 2024
+.Dd December 6, 2024
 .Dt PPP 8
 .Os
 .Sh NAME
@@ -3579,6 +3579,26 @@ network.
 The target address may be set to
 .Dq MYADDR ,
 in which case libalias will redirect all packets to the interface address.
+.It nat udp_eim  yes|no
+When enabled, UDP packets use endpoint-independent mapping (EIM) from RFC 4787
+("full cone" NAT of RFC 3489).
+All packets from the same internal address:port are mapped to the same NAT
+address:port, regardless of their destination address:port.
+If filtering rules allow, and if
+.Em deny_incoming
+is disabled, any other external address:port can
+also send to the internal address:port through its mapped NAT address:port.
+This is more compatible with applications, and can reduce the need for port
+forwarding, but less scalable as each NAT address:port can only be
+concurrently used by at most one internal address:port.
+.Pp
+When disabled, UDP packets use endpoint-dependent mapping (EDM) ("symmetric"
+NAT).
+Each connection from a particular internal address:port to different
+external addresses:ports is mapped to a random and unpredictable NAT
+address:port.
+Two appplications behind EDM NATs can only connect to each other
+by port forwarding on the NAT, or tunnelling through an in-between server.
 .It nat use_sockets yes|no
 When enabled, this option tells the network address translation engine to
 create a socket so that it can guarantee a correct incoming ftp data or
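Review bot: Typo in the added text: "Two appplications behind EDM NATs" should read "Two applications behind EDM NATs". The new ".It nat udp_eim  yes|no" line also carries a doubled space that the neighbouring ".It nat use_sockets yes|no" does not, and "but less scalable as each NAT address:port can only be" reads better as "but is less scalable, as each NAT address:port can only be". The entry describes both the enabled and disabled behaviour but never says which applies when the option is not set; stating the default explicitly would let an administrator know whether unsolicited inbound UDP is admitted without any configuration change.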