Name              Date         Size        #Lines  LOC

Makefile          15-Jul-2024  1.7 KiB     97      82
Makefile.depend   16-Aug-2023  408         25      18
README.changes    16-Aug-2023  7.3 KiB     139     133
README.nat        16-Aug-2023  14.8 KiB    377     283
acf.c             16-Aug-2023  3.5 KiB     117     72
acf.h             16-Aug-2023  1.5 KiB     34      3
arp.c             11-Apr-2024  8.2 KiB     317     224
arp.h             16-Aug-2023  1.7 KiB     37      5
async.c           24-Nov-2023  5.3 KiB     220     160
async.h           16-Aug-2023  1.9 KiB     54      20
auth.c            16-Aug-2023  12 KiB      488     392
auth.h            16-Aug-2023  2.7 KiB     69      35
bundle.c          16-Aug-2023  56.3 KiB    2,017   1,551
bundle.h          16-Aug-2023  7.7 KiB     217     157
cbcp.c            16-Aug-2023  22.5 KiB    764     593
cbcp.h            16-Aug-2023  2.5 KiB     66      31
ccp.c             16-Aug-2023  23.3 KiB    827     658
ccp.h             16-Aug-2023  5.5 KiB     166     116
chap.c            16-Aug-2023  27 KiB      973     789
chap.h            16-Aug-2023  2.7 KiB     76      40
chap_ms.c         16-Aug-2023  12.2 KiB    416     298
chap_ms.h         16-Aug-2023  2.5 KiB     53      17
chat.c            16-Aug-2023  20.4 KiB    803     633
chat.h            07-Nov-2023  2.9 KiB     83      41
command.c         06-Dec-2024  101.9 KiB   3,342   2,971
command.h         16-Aug-2023  3 KiB       76      39
datalink.c        16-Aug-2023  42.9 KiB    1,479   1,254
datalink.h        16-Aug-2023  6.1 KiB     157     108
deflate.c         16-Aug-2023  15.9 KiB    602     446
deflate.h         16-Aug-2023  1.5 KiB     31      2
defs.c            16-Aug-2023  8.6 KiB     442     369
defs.h            16-Aug-2023  5.4 KiB     145     96
descriptor.h      16-Aug-2023  2.2 KiB     54      21
ether.c           16-Aug-2023  20.8 KiB    738     547
ether.h           16-Aug-2023  1.7 KiB     38      7
exec.c            16-Aug-2023  11.5 KiB    411     328
exec.h            16-Aug-2023  1.6 KiB     36      6
filter.c          16-Aug-2023  15.7 KiB    605     499
filter.h          16-Aug-2023  3.8 KiB     102     50
fsm.c             16-Aug-2023  31 KiB      1,214   1,021
fsm.h             16-Aug-2023  7 KiB       202     132
hdlc.c            16-Aug-2023  15.1 KiB    439     355
hdlc.h            16-Aug-2023  3.9 KiB     117     64
i4b.h             16-Aug-2023  1.7 KiB     38      7
id.c              16-Aug-2023  6 KiB       293     227
id.h              16-Aug-2023  3 KiB       82      52
iface.c           28-Jun-2024  21.5 KiB    820     679
iface.h           16-Aug-2023  2.9 KiB     70      34
ip.c              19-Dec-2024  30.2 KiB    996     812
ip.h              16-Aug-2023  2.1 KiB     45      13
ipcp.c            16-Aug-2023  43 KiB      1,483   1,180
ipcp.h            16-Aug-2023  5.1 KiB     133     80
iplist.c          16-Aug-2023  5.5 KiB     226     173
iplist.h          16-Aug-2023  2 KiB       52      20
ipv6cp.c          16-Aug-2023  21.9 KiB    787     586
ipv6cp.h          16-Aug-2023  3.2 KiB     84      41
layer.h           16-Aug-2023  1.9 KiB     53      21
lcp.c             16-Aug-2023  39.2 KiB    1,306   1,122
lcp.h             16-Aug-2023  6.3 KiB     144     97
link.c            16-Aug-2023  10.3 KiB    413     305
link.h            16-Aug-2023  3.4 KiB     82      41
log.c             16-Aug-2023  11.3 KiB    533     442
log.h             16-Aug-2023  4.1 KiB     106     72
lqr.c             16-Aug-2023  17.5 KiB    533     385
lqr.h             16-Aug-2023  3.3 KiB     83      41
main.c            16-Aug-2023  17.9 KiB    681     517
main.h            16-Aug-2023  1.6 KiB     33      2
mbuf.c            16-Aug-2023  10 KiB      441     342
mbuf.h            16-Aug-2023  4 KiB       120     79
mp.c              16-Aug-2023  33.6 KiB    1,210   946
mp.h              16-Aug-2023  4.9 KiB     147     100
mppe.c            16-Aug-2023  20.2 KiB    818     585
mppe.h            16-Aug-2023  1.5 KiB     34      5
nat_cmd.c         16-Aug-2023  15.3 KiB    602     480
nat_cmd.h         16-Aug-2023  1.9 KiB     43      11
ncp.c             16-Aug-2023  13.1 KiB    563     435
ncp.h             16-Aug-2023  4.3 KiB     105     68
ncpaddr.c         16-Aug-2023  23 KiB      1,009   834
ncpaddr.h         16-Aug-2023  4.6 KiB     110     73
netgraph.c        16-Aug-2023  20.6 KiB    744     556
netgraph.h        16-Aug-2023  1.7 KiB     38      7
pap.c             16-Aug-2023  8.8 KiB     304     226
pap.h             16-Aug-2023  1.8 KiB     41      8
physical.c        16-Aug-2023  29 KiB      1,125   948
physical.h        16-Aug-2023  6.5 KiB     175     131
ppp.8             06-Dec-2024  150.4 KiB   6,117   6,113
ppp.conf          16-Aug-2023  1.2 KiB     44      21
pred.c            16-Aug-2023  8.8 KiB     346     281
pred.h            16-Aug-2023  1.6 KiB     32      1
probe.c           16-Aug-2023  2.3 KiB     79      40
probe.h           16-Aug-2023  1.5 KiB     39      8
prompt.c          16-Aug-2023  12.9 KiB    575     463
prompt.h          16-Aug-2023  3.8 KiB     97      61
proto.c           16-Aug-2023  3.2 KiB     116     72
proto.h           16-Aug-2023  2.4 KiB     65      25
radius.c          16-Aug-2023  39.4 KiB    1,362   1,096
radius.h          16-Aug-2023  4.6 KiB     134     92
route.c           16-Aug-2023  25.9 KiB    937     790
route.h           16-Aug-2023  3.3 KiB     75      40
server.c          16-Aug-2023  10.9 KiB    423     345
server.h          16-Aug-2023  2.2 KiB     62      25
sig.c             16-Aug-2023  3.4 KiB     120     55
sig.h             16-Aug-2023  1.6 KiB     36      3
slcompress.c      29-Nov-2024  17.3 KiB    604     390
slcompress.h      16-Aug-2023  6.5 KiB     162     57
sync.c            16-Aug-2023  2.7 KiB     85      47
sync.h            16-Aug-2023  1.4 KiB     30      1
systems.c         16-Aug-2023  11.4 KiB    484     369
systems.h         16-Aug-2023  2 KiB       44      12
tcp.c             16-Aug-2023  5.6 KiB     213     163
tcp.h             16-Aug-2023  1.6 KiB     35      5
tcpmss.c          29-Nov-2024  6.5 KiB     234     164
tcpmss.h          16-Aug-2023  1.4 KiB     30      1
throughput.c      16-Aug-2023  8.8 KiB     303     236
throughput.h      16-Aug-2023  2.9 KiB     71      39
timer.c           16-Aug-2023  8.1 KiB     303     209
timer.h           16-Aug-2023  2.3 KiB     56      21
tty.c             16-Aug-2023  20.6 KiB    771     608
tty.h             16-Aug-2023  1.7 KiB     38      7
tun.c             16-Aug-2023  3.2 KiB     120     81
tun.h             16-Aug-2023  1.6 KiB     40      9
ua.h              16-Aug-2023  3 KiB       75      39
udp.c             16-Aug-2023  8.7 KiB     336     259
udp.h             16-Aug-2023  1.6 KiB     36      6
vjcomp.c          16-Aug-2023  5.7 KiB     201     141
vjcomp.h          16-Aug-2023  1.5 KiB     37      6

README.changes

Copyright (c) 2001 Brian Somers <brian@Awfulhak.org>
              based on work by Eivind Eklund <perhaps@yes.no>,
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

This file summarises changes made to ppp that affect
its configuration.

It does not describe new features, rather it attempts
to answer any `this used to work, why doesn't it now?'
questions.

o The `set debug' command was replaced with `set log'.
o The `set log LCP' command was split into LCP, IPCP and CCP logs.
o Syslogd is used for logging.  /etc/syslog.conf must be updated.
o LQR is disabled by default.
o Openmode is active by default.
o Users must be a member of group `network' for ppp access.  Furthermore,
  they must be `allow'ed to run ppp via the `allow' command in the
  configuration file.
  For a brief period, ppp could only be run as root.
o No diagnostic socket is created by default.  The `set server' command
  must be used.
o The diagnostic socket password must be specified *only* on the `set
  server' command line.
o When `set server' is used to re-select a diagnostic port, all existing
  diagnostic connections are dropped.
o pppd-deflate is now called deflate24.
o Filter IPs of 0.0.0.0 have a default width of 0, not 32.
o Errors in `add' and `delete' are logged as warnings rather than being
  written to the TCP/IP log.
o Any number of diagnostic prompts are allowed, and they are allowed in
  interactive mode.
o The default `device' is cuau1, then cuau0.
o A password of "*" in ppp.secret causes a passwd database lookup in
  pap mode.
o The value of the CONNECT environment variable is logged in the
  utmp host field in -direct mode.
o Out-of-sequence FSM packets (IPCP/LCP/CCP) are dropped by default.
o Reconnect values are used after an LQR timeout.
o ^C works on the parent in -background mode.
o The dial/call/open command works asynchronously.  As a result, prompts
  do not lose control while dialing.
o The `display' command has been removed.  All information is available
  with the appropriate `show' command.
o Msext does not need to be enabled/disabled.  Setting the NBNS (set nbns)
  will auto enable it.  The DNS side may be enabled/disabled, and if
  enabled without a `set dns' (was `set ns') will use values from
  /etc/resolv.conf.
o Filters are now called `allow', `dial', `in' and `out'.  `set
  ifilter ...' becomes `set filter in ...' etc.
o Authname and Authkey may only be `set' in phase DEAD.
o Set encrypt is no longer necessary.  Ppp will respond to M$CHAP
  servers correctly if it's built with DES.
o Throughput statistics are enabled by default.
o `Set stopped' only has two parameters.  It's no longer possible to
  have an IPCP stopped timer.
o `Set timeout' only has one or two parameters.  Use `set lqrperiod' and
  `set {lcp,ccp,ipcp,chap,pap}retry' for the other timers.  These timeout
  values can be seen using the relevant show commands.
o `set loopback' is now `enable/disable loopback'.
o `show auto', `show loopback' and `show mtu' are all part of `show bundle'.
o `show mru' is part of `show lcp'.
o `show msext' and `show vj' are part of `show ipcp'.
o `show reconnect' and `show redial' are part of `show link'.
o A signal 15 (TERM) will now shut down the link gracefully.
o A signal 2 (HUP) will drop all links immediately.
o Signal 30 (USR1) is now ignored.
o Add & delete commands are not necessary in ppp.linkup if they are
  `sticky routes' (ie, contain MYADDR or HISADDR).
o LINK and CARRIER logging are no longer available.
o Timer based DEBUG messages are now logged in the new TIMER log.
o Ppp can use tun devices > tun255.
o Protocol-compressed packets are accepted even if they were denied
  at LCP negotiation time.
o Passwords aren't logged when logging the ``set server'' line.
o Command line options only need enough characters to uniquely identify
  them.  -a == -auto, -dd == -ddial etc.  -interactive is also allowed.
o If you don't like seeing additional interface aliases when running in
  -auto -alias mode, add ``iface clear'' to your ppp.linkdown file -
  check the sample file.
o Ppp waits for 1 second before checking whether the device supports
  carrier.  This is controllable with ``set cd''.
o Random dial timeouts are now between 1 and 30 seconds inclusive rather
  than between 0 and 29.
o Ppp now accepts M$CHAP (as well as normal CHAP) by default.  If this
  is not required, you must ``deny chap05 chap80''.
o The ``set device'' command now expects each device to be specified as an
  argument rather than concatenating all arguments and splitting based
  on commas and spaces.
o The ``show modem'' command is deprecated and has been changed to
  ``show physical''.
o The words ``host'' and ``port'' are no longer accepted by the ``set filter''
  command.  Removing them should yield the same results as before.
o The ``set weight'' command has been deprecated.  The ``set bandwidth''
  command should now be used instead.
o The ``set autoload'' command syntax and implementation have changed as the
  old implementation was mis-designed and dysfunctional.
o Ppp now waits either the full ``set cd'' time or until carrier is detected
  before running the login script (whichever comes first).
o The -alias flag has been deprecated.  The -nat flag should be used instead.
o Unbalanced quotes in commands are now warned about and the entire command
  is ignored.
o It is now only necessary to escape the `-' character in chat scripts twice.
  See the example files for details.
o Environment variables and ~ are expanded in commands.
o ``nat pptp'' is no longer necessary as this is now done transparently.
o The ``!'' at the start of chat scripts and authkey can be made literal
  (rather than meaning execute) by doubling it to ``!!''.
o MP autoload throughput measurements are now based on the maximum of input
  and output averages rather than on the total.
o When only one link is open in MP mode, MP link level compression is not
  open and the peer MRU >= the peer MRRU, ppp sends outbound traffic as
  PROTO_IP traffic rather than PROTO_MP.
o MSCHAPv2 is now accepted by default.  If you don't wish to negotiate
  this, you must explicitly deny it.
o MPPE is enabled and accepted by default (although deflate and predictor1
  are preferred).


README.nat

Copyright (c) 2001 Charles Mott <cm@linktel.net>
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

User PPP NAT (Packet Aliasing)



0. Contents
    1. Background
    2. Setup
    3. New commands in ppp
    4. Future Work
    5. Authors / Acknowledgements
    6. Revision History for Aliasing Code



1. Background

User mode ppp has embedded NAT (Network Address Translation) code.
Enabling this, either by the "-nat" command line option or the
"nat enable yes" command in a ppp.conf file, makes the ppp host
automatically NAT IP packets forwarded from a local network, making
them appear to come from the ppp host machine.  Incoming packets
from the outside world are then appropriately de-NAT'd.

The process of NAT'ing involves both the IP address and the TCP or UDP
port numbers. ICMP echo and timestamp packets are natted by their id
numbers.  ICMP error messages can be properly directed by examining the
fragment of the offending packet which is contained in the body of the
message.

This software was specifically meant to support users who have
unregistered, private address IP networks (e.g. 192.168.0.x or 10.0.0.x
addresses).  The ppp host can act as a gateway for these networks, and
computers on the local area net will have some degree of Internet access
without the need for a registered IP address.  Additionally, there will
be no need for an Internet service provider to maintain routing tables
for the local area network.

A disadvantage of NAT is that machines on the local network,
behind the ppp host, are not visible from the outside world.  They can
establish TCP connections and make UDP inquiries (such as domain name
service requests) but the connections seem to come from the ppp host
itself.  There is, in effect, a partial firewall.  Of course, if this is
what you want, the disadvantage becomes an advantage.

A second disadvantage is that "IP encoding" protocols, which send IP
address or port information within the data stream, are not supported
except for the cases where exception code exists.  This implementation has
workarounds for FTP and IRC DCC, the most well known of the IP encoding
protocols.  This frees users from depending on using the ftp passive
mode and avoiding IRC DCC sends, as is sometimes the case with other
masquerading solutions.

The implementation supports all standard, non-encoding TCP and UDP protocols.
Examples of these protocols are http, gopher and telnet. The standard UDP
mode of Real-Audio is not presently supported, but the TCP mode does work
correctly.

The NAT code also handles many ICMP messages.  In particular,
ping and traceroute are supported.



2. Packet Aliasing Setup

It is recommended that users first verify correct ppp operation without
NAT enabled.  This will confirm that the ppp.conf file is
properly set up and that there are no ppp problems. Then start ppp with
the "-nat" option on the command line.  The user should verify that
the ppp host can correctly connect to the Internet in NAT
mode.  Finally, check that machines on the private network can access
the Internet.

The NAT software handles all packets, whether they come from
the host or another computer on the local area network.  Thus, a correctly
operating ppp host indicates that the software should work properly for
other computers on the private network.

If the ppp host can access the Internet, but other computers on the local
network cannot, check that IP forwarding is enabled on the ppp host. Also,
verify that the other computers use this machine as a gateway.  Of course,
you should also verify that machines within the local area network
communicate properly.  A common error is inconsistent subnet addresses
and masks.



3. New commands in ppp

In order to control NAT behaviour in a simple manner (no need for
recompilation), a new command has been added to ppp: nat.  This
is in addition to the -nat command line option.  System managers and
more experienced users may prefer to use the ppp command syntax
within the ppp.conf file.  The nat command also allows NAT
behaviour to be more precisely specified.

The decision to add a command instead of extending 'set' or 'option' was
to make obvious that these options only work when NAT is enabled.

The syntax for 'nat' is

    ppp>  nat option [yes|no]

where option is given by one of the following templates.


 - nat enable [yes|no]  (default no)

Enable NAT functionality.  If disabled, no other NAT
options will have any effect.  You should usually enable NAT
before routing any packets over the link; good points are in the
initial script or right before adding a route.  If you do not always
want NAT, consider using the -nat option to ppp instead of this
command.


 - nat deny_incoming [yes|no] (default yes)

Set to "yes" to disable all incoming connections.  This just drops
connections to, for example, ftp, telnet or web servers.  The NAT
mechanism prevents these connections. Technically, this option denies
all incoming TCP and UDP requests, making the NAT software a
fairly efficient one-way firewall.  The default is no, which will allow
all incoming connections to telnetd, ftpd, etc.


 - nat log [yes|no]

Controls logging of NAT link creation to "/var/log/alias.log" - this
is usually only useful if debugging a setup, to see if the bug is in
the PPP NATing.  The debugging information is fairly limited, listing
the number of NAT links open for different protocols.


 - nat same_ports [yes|no] (default yes)

When a connection is being established going through the NAT
routines, it will normally have its port number changed to allow the
NAT code to track it.  If same_ports is enabled, the NAT
software attempts to keep the connection's source port unchanged.
This will allow rsh, RPC and other specialised protocols to work
_most of the time_, at least on the host machine.  Please, do not
report this being unstable as a bug - it is a result of the way
NAT has to work. TCP/IP was intended to have one IP address
per machine.


 - nat use_sockets [yes|no] (default yes)

This is a fairly obscure option.  For the most part, the NAT
software does not have to allocate system sockets when it chooses a
NAT port number.  Under very specific circumstances, FTP data
connections (which don't know the remote port number, though it is
usually 20) and IRC DCC send (which doesn't know either the address or
the port from which the connection will come), there can potentially be
some interference with an open server socket having the same port number
on the ppp host machine.  This possibility for interference only exists
until the TCP connection has been acknowledged on both sides.  The safe
option is yes, though fewer system resources are consumed by specifying
no.


 - nat unregistered_only [yes|no] (default no)

NAT normally remaps all packets coming from the local area
network to the ppp host machine address.  Set this option to only map
addresses from the following standard ranges for private, unregistered
addresses:

                10.0.0.0     ->   10.255.255.255
                172.16.0.0   ->   172.31.255.255
                192.168.0.0  ->   192.168.255.255

In the instance that there is a subnet of public addresses and another
subnet of private addresses being routed by the ppp host, then only the
packets on the private subnet will be NAT'd.


 - nat port <proto> <local addr>:<port>  <nat port>

This command allows incoming traffic to <nat port> on the host
machine to be redirected to a specific machine and port on the
local area network.  One example of this would be:

    nat port tcp 192.168.0.4:telnet  8066

All traffic to port 8066 of the ppp host would then be sent to
the telnet port (23) of machine 192.168.0.4.  Port numbers
can either be designated numerically or by symbolic names
listed in /etc/services.  Similarly, addresses can be either
in dotted quad notation or in /etc/hosts.


 - nat addr <local addr> <public addr>

This command allows traffic for a public IP address to be
redirected to a machine on the local network.  This function
is known as "static NAT".  An address assignment of 0 refers
to the default address of the ppp host.  Normally static
NAT is useful if your ISP has allocated a small block of
IP addresses to the user, but it can even be used in the
case of a single, dynamically allocated IP address:

    nat addr 10.0.0.8 0

The above command would redirect all incoming traffic to
machine 10.0.0.8.

If several address NATs specify the same public address
as follows

    nat addr 192.168.0.2  public_addr
    nat addr 192.168.0.3  public_addr
    nat addr 192.168.0.4  public_addr

then incoming traffic will be directed to the last
translated local address (192.168.0.4), but outgoing
traffic to the first two addresses will still be NAT'd
to the specified public address.
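
The option semantics described in section 3, modelled as a small lookup table (an added example, not code from ppp or libalias). The struct and function names, the 0x8000 fallback port and the treatment of "nat port" redirections as table entries that still match when deny_incoming is set are assumptions of this model.

```c
/* Added example: a simplified model of the option semantics in README.nat.
 * Not libalias code; real links also key on the remote address and port. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define MAX_LINKS 8
#define TCP 6

enum verdict { V_DROP, V_TO_HOST, V_TO_LAN, V_ALIASED, V_UNTOUCHED };
struct link { bool used; uint8_t proto; uint32_t lan_addr; uint16_t lan_port, alias_port; };

struct nat {
    bool deny_incoming, unregistered_only, same_ports;
    struct link dyn[MAX_LINKS];   /* links created by outgoing traffic */
    struct link redir[MAX_LINKS]; /* static "nat port" redirections */
};

/* The three private ranges listed under "nat unregistered_only". */
static bool is_unregistered(uint32_t a) {
    return (a >> 24) == 10 || (a >> 20) == ((172u << 4) | 1) || (a >> 16) == ((192u << 8) | 168);
}

static struct link *find(struct link *t, uint8_t proto, uint16_t alias_port) {
    for (size_t i = 0; i < MAX_LINKS; i++)
        if (t[i].used && t[i].proto == proto && t[i].alias_port == alias_port)
            return &t[i];
    return NULL;
}

static bool store(struct link *t, struct link l) {
    for (size_t i = 0; i < MAX_LINKS; i++)
        if (!t[i].used) { t[i] = l; return true; }
    return false; /* table full */
}

/* "nat port <proto> <local addr>:<port> <nat port>" */
static bool nat_add_redirect(struct nat *n, uint8_t proto, uint32_t lan, uint16_t lport, uint16_t nat_port) {
    return store(n->redir, (struct link){ true, proto, lan, lport, nat_port });
}

/* Outgoing packet: choose the source port the outside world will see. */
static enum verdict nat_out(struct nat *n, uint8_t proto, uint32_t src, uint16_t sport, uint16_t *alias) {
    *alias = sport;
    if (n->unregistered_only && !is_unregistered(src))
        return V_UNTOUCHED;                       /* public source: not translated */
    for (size_t i = 0; i < MAX_LINKS; i++) {      /* flow already has a link */
        struct link *l = &n->dyn[i];
        if (l->used && l->proto == proto && l->lan_addr == src && l->lan_port == sport) {
            *alias = l->alias_port;
            return V_ALIASED;
        }
    }
    uint16_t p = sport;                           /* same_ports: try to keep it */
    if (!n->same_ports || find(n->dyn, proto, p) || find(n->redir, proto, p))
        for (p = 0x8000; find(n->dyn, proto, p) || find(n->redir, proto, p); p++)
            ;                                     /* constructed fallback range */
    if (!store(n->dyn, (struct link){ true, proto, src, sport, p }))
        return V_DROP;
    *alias = p;
    return V_ALIASED;
}

/* Incoming packet addressed to the ppp host's public address. */
static enum verdict nat_in(struct nat *n, uint8_t proto, uint16_t dport, uint32_t *lan, uint16_t *lport) {
    struct link *l = find(n->dyn, proto, dport);
    if (!l)
        l = find(n->redir, proto, dport);
    if (l) { *lan = l->lan_addr; *lport = l->lan_port; return V_TO_LAN; }
    return n->deny_incoming ? V_DROP : V_TO_HOST; /* no table entry */
}

int main(void) {
    struct nat n = { .deny_incoming = true, .unregistered_only = true, .same_ports = true };
    uint32_t lan; uint16_t port;
    nat_add_redirect(&n, TCP, IP(192, 168, 0, 4), 23, 8066); /* README's "nat port" example */
    printf("unsolicited :22 -> %d, redirected :8066 -> %d\n",
           nat_in(&n, TCP, 22, &lan, &port), nat_in(&n, TCP, 8066, &lan, &port));
    return 0;
}
```

With deny_incoming set, an unsolicited packet that matches neither a link nor a redirection is dropped instead of reaching a listener on the ppp host, which is the "one-way firewall" behaviour the text describes.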



4. Future Work

What is called NAT here has been variously called masquerading, packet
aliasing and transparent proxying by others.  It is an extremely useful
function to many users, but it is also necessarily imperfect.  The
occasional IP-encoding protocols always need workarounds (hacks).
Users who are interested in supporting new IP-encoding protocols
can follow the examples of alias_ftp.c and alias_irc.c.

ICMP error messages are currently handled only in the incoming direction.
A handler needs to be added to correctly NAT outgoing error messages.

IRC and FTP exception handling make reasonable, though not strictly correct,
assumptions about how IP encoded messages will appear in the control
stream.  Programmers may wish to consider how to make this process more
robust.

The NAT engine (alias.c, alias_db.c, alias_ftp.c, alias_irc.c
and alias_util.c) runs in user space, and is intended to be both portable
and reusable for interfaces other than ppp.  To access the basic engine
only requires four simple function calls (initialisation, communication of
host address, outgoing NAT and incoming de-NATing).



5. Authors / Acknowledgements

Charles Mott (cm@linktel.net)  <versions 1.0 - 1.8, 2.0, 2.1>
Eivind Eklund (perhaps@yes.no) <versions 1.8b - 1.9, new ppp commands>

Listed below, in chronological order, are individuals who have provided
valuable comments and/or debugging assistance.

    Gary Roberts
    Tom Torrance
    Reto Burkhalter
    Martin Renters
    Brian Somers
    Paul Traina
    Ari Suutari
    J. Fortes
    Andrzej Bialeki



6. Revision History for Aliasing Code

Version 1.0: August 11, 1996 (cjm)

Version 1.1:  August 20, 1996  (cjm)
    PPP host accepts incoming connections for ports 0 to 1023.

Version 1.2:  September 7, 1996 (cjm)
    Fragment handling error in alias_db.c corrected.

Version 1.3: September 15, 1996 (cjm)
    - Generalised mechanism for handling incoming connections
      (no more 0 to 1023 restriction).
    - Increased ICMP support (will handle traceroute now).
    - Improved TCP close connection logic.

Version 1.4: September 16, 1996
    Can't remember (this version only lasted a day -- cjm).

Version 1.5: September 17, 1996 (cjm)
    Corrected error in handling incoming UDP packets
    with zero checksum.

Version 1.6: September 18, 1996
    Simplified ICMP data storage.  Will now handle
    tracert from Win95 as well as FreeBSD traceroute.

Version 1.7: January 9, 1997 (cjm)
    - Reduced malloc() activity for ICMP echo and
      timestamp requests.
    - Added handling for out-of-order IP fragments.
    - Switched to differential checksum computation
      for IP headers (TCP, UDP and ICMP checksums
      were already differential).
    - Accepts FTP data connections from other than
      port 20.  This allows one ftp connections
      from two hosts which are both running packet
      aliasing.

Version 1.8: January 14, 1997 (cjm)
    - Fixed data type error in function StartPoint()
      in alias_db.c (this bug did not exist before v1.7)

Version 1.8b: January 16, 1997 (Eivind Eklund <perhaps@yes.no>)
    - Upgraded base PPP version to be the source code from
      FreeBSD 2.1.6, with additional security patches.  This
      version should still be possible to run on 2.1.5, though -
      I've run it with a 2.1.5 kernel without problems.
      (Update done with the permission of cjm)

Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
    - Added support for IRC DCC (ee)
    - Changed the aliasing routines to use ANSI style throughout -
      minor API changes for integration with other programs than PPP (ee)
    - Changed the build process, making all options switchable
      from the Makefile (ee)
    - Fixed minor security hole in alias_ftp.c for other applications
      of the aliasing software.  Hole could _not_ manifest in
      PPP+pktAlias, but could potentially manifest in other
      applications of the aliasing. (ee)
    - Connections initiated from packet aliasing host machine will
      not have their port number aliased unless it conflicts with
      an aliasing port already being used. (There is an option to
      disable this for debugging) (cjm)
    - Sockets will be allocated in cases where there might be
      port interference with the host machine.  This can be disabled
      in cases where the ppp host will be acting purely as a
      masquerading router and not generate any traffic of its own.
      (cjm)

Version 2.0: March, 1997 (cjm)
    - Incoming packets which are not recognised by the packet
      aliasing engine are now completely dropped in ip.c.
    - Aliasing links are cleared when a host interface address
      changes (due to re-dial and dynamic address allocation).
    - PacketAliasPermanentLink() API added.
    - Option for only aliasing private, unregistered IP addresses
      added.
    - Substantial rework to the aliasing lookup engine.

Version 2.1: May, 1997 (cjm)
    - Continuing rework to the aliasing lookup engine to support
      multiple incoming addresses and static NAT.
    - Now supports outgoing as well as incoming ICMP error messages.
    - PPP commands to support address and port redirection.
