Date: Fri, 6 Dec 2024 09:23:38 GMT
Message-Id: <202412060923.4B69NcSm017704@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Tom Jones
Subject: git: cb21fa3d0d26 - main - ppp: Enable support for EIM NAT
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by thj:

URL: https://cgit.FreeBSD.org/src/commit/?id=cb21fa3d0d2640a6f48a21c406cac9dd07681052

commit cb21fa3d0d2640a6f48a21c406cac9dd07681052
Author:     Damjan Jovanovic
AuthorDate: 2024-12-06 09:22:51 +0000
Commit:     Tom Jones
CommitDate: 2024-12-06 09:22:51 +0000

    ppp: Enable support for EIM NAT

    Enable support for endpoint-independent mapping ("full cone NAT") via
    Libalias's UDP NAT.

    Reviewed by:    igoro, thj
    Differential Revision:  https://reviews.freebsd.org/D46689
--- usr.sbin/ppp/command.c | 4 ++++ usr.sbin/ppp/ppp.8 | 22 +++++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index e94c18ae3fd2..4b4f0de8028c 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -793,6 +793,10 @@ static struct cmdtab const NatCommands[] = {"use_sockets", NULL, NatOption, LOCAL_AUTH, "allocate host sockets", "nat use_sockets yes|no", (const void *) PKT_ALIAS_USE_SOCKETS}, + {"udp_eim", NULL, NatOption, LOCAL_AUTH, + "UDP uses endpoint-independent mapping (\"full cone\" NAT)", + "nat udp_eim yes|no", + (const void *) PKT_ALIAS_UDP_EIM}, {"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH, "Display this message", "nat help|? [command]", NatCommands}, {NULL, NULL, NULL, 0, NULL, NULL, NULL}, 
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index 9242a9c337a0..33bdc69f45a3 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 18, 2024 +.Dd December 6, 2024 .Dt PPP 8 .Os .Sh NAME @@ -3579,6 +3579,26 @@ network. The target address may be set to .Dq MYADDR , in which case libalias will redirect all packets to the interface address. +.It nat udp_eim yes|no +When enabled, UDP packets use endpoint-independent mapping (EIM) from RFC 4787 +("full cone" NAT of RFC 3489). +All packets from the same internal address:port are mapped to the same NAT +address:port, regardless of their destination address:port. +If filtering rules allow, and if +.Em deny_incoming +is disabled, any other external address:port can +also send to the internal address:port through its mapped NAT address:port. +This is more compatible with applications, and can reduce the need for port +forwarding, but less scalable as each NAT address:port can only be +concurrently used by at most one internal address:port. +.Pp +When disabled, UDP packets use endpoint-dependent mapping (EDM) ("symmetric" +NAT). +Each connection from a particular internal address:port to different +external addresses:ports is mapped to a random and unpredictable NAT +address:port. +Two appplications behind EDM NATs can only connect to each other +by port forwarding on the NAT, or tunnelling through an in-between server. .It nat use_sockets yes|no When enabled, this option tells the network address translation engine to create a socket so that it can guarantee a correct incoming ftp data or
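Review bot: In the command.c hunk (@@ -793), the new "udp_eim" entry in NatCommands passes PKT_ALIAS_UDP_EIM with no guard, and the diffstat shows the patch touches only usr.sbin/ppp, so ppp now depends on a libalias that already defines that flag. Please name the libalias change this relies on in the commit message so the two are merged to other branches together. The entry reuses NatOption and LOCAL_AUTH exactly as the "use_sockets" entry above it does, which is the right choice for an option that changes which outside hosts can reach an internal address:port.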
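Review bot: In the ppp.8 hunk (@@ -3579), the new "nat udp_eim yes|no" entry never states whether the option is on or off by default, and that matters here because the same paragraph says that with deny_incoming disabled "any other external address:port can also send to the internal address:port". Suggest adding one sentence giving the default, and one saying plainly that enabling udp_eim without deny_incoming or restrictive filter rules leaves the mapped UDP port reachable by unsolicited traffic for as long as the mapping exists. Two wording points in the second added paragraph: "appplications" should be "applications", and "Each connection from a particular internal address:port to different external addresses:ports is mapped to a random and unpredictable NAT address:port" would read more clearly as "each distinct external address:port gets its own NAT address:port".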