Add Cisco Skinny Station Protocol translation support to libalias

and supporting applications (ppp).

From marcus FreeBSD

10 files changed, 405 insertions, 14 deletions

diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile
index dc080ae7cbb..0051b4c49a1 100644
--- a/usr.sbin/ppp/ppp/Makefile
+++ b/usr.sbin/ppp/ppp/Makefile
@@ -1,12 +1,12 @@
-#	$OpenBSD: Makefile,v 1.26 2004/01/24 18:43:22 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.27 2005/07/26 01:32:24 brad Exp $
 
 PROG=	ppp
 SRCS=	alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
-	alias_nbt.c alias_pptp.c alias_proxy.c alias_smedia.c alias_util.c \
-	acf.c arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c chap_ms.c \
-	chat.c command.c datalink.c deflate.c defs.c exec.c filter.c fsm.c \
-	hdlc.c iface.c ip.c ipcp.c ipv6cp.c iplist.c lcp.c link.c log.c lqr.c \
-	main.c mbuf.c mp.c mppe.c ncp.c ncpaddr.c nat_cmd.c pap.c physical.c \
+	alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \
+	alias_util.c acf.c arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c \
+	chap_ms.c chat.c command.c datalink.c deflate.c defs.c exec.c filter.c \
+	fsm.c hdlc.c iface.c ip.c ipcp.c ipv6cp.c iplist.c lcp.c link.c log.c \
+	lqr.c main.c mbuf.c mp.c mppe.c ncp.c ncpaddr.c nat_cmd.c pap.c physical.c \
 	pred.c probe.c prompt.c proto.c radius.c radlib.c route.c server.c \
 	sig.c slcompress.c systems.c sync.c tcp.c tcpmss.c throughput.c \
 	timer.c tty.c tun.c udp.c vjcomp.c
diff --git a/usr.sbin/ppp/ppp/alias.c b/usr.sbin/ppp/ppp/alias.c
index 6528eea83f4..48e8e9762d6 100644
--- a/usr.sbin/ppp/ppp/alias.c
+++ b/usr.sbin/ppp/ppp/alias.c
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: alias.c,v 1.19 2002/06/15 08:01:59 brian Exp $
+ * $OpenBSD: alias.c,v 1.20 2005/07/26 01:32:24 brad Exp $
  */
 
 /*
@@ -136,6 +136,7 @@
 #define RTSP_CONTROL_PORT_NUMBER_2 7070
 #define TFTP_PORT_NUMBER 69
 #define PPTP_CONTROL_PORT_NUMBER 1723
+#define SKINNY_PORT_NUMBER 2000
 
 
 
@@ -908,6 +909,9 @@ TcpAliasIn(struct ip *pip)
         if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
          || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
             AliasHandlePptpIn(pip, link);
+        else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort
+         || ntohs(tc->th_sport) == skinnyPort))
+            AliasHandleSkinny(pip, link);
 
         alias_address = GetAliasAddress(link);
         original_address = GetOriginalAddress(link);
@@ -1089,6 +1093,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
         else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
          || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
             AliasHandlePptpOut(pip, link);
+        else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort
+         || ntohs(tc->th_dport) == skinnyPort))
+            AliasHandleSkinny(pip, link);
 
 /* Adjust TCP checksum since source port is being aliased */
 /* and source address is being altered                    */
diff --git a/usr.sbin/ppp/ppp/alias.h b/usr.sbin/ppp/ppp/alias.h
index c205b2e60b2..a99307e4126 100644
--- a/usr.sbin/ppp/ppp/alias.h
+++ b/usr.sbin/ppp/ppp/alias.h
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: alias.h,v 1.12 2002/06/15 08:01:59 brian Exp $
+ * $OpenBSD: alias.h,v 1.13 2005/07/26 01:32:24 brad Exp $
  */
 
 /*-
@@ -45,6 +45,7 @@
 void	 PacketAliasInit(void);
 void	 PacketAliasSetAddress(struct in_addr _addr);
 void	 PacketAliasSetFWBase(unsigned int _base, unsigned int _num);
+void	 PacketAliasSetSkinnyPort(unsigned int _port);
 unsigned int
 	 PacketAliasSetMode(unsigned int _flags, unsigned int _mask);
 void	 PacketAliasUninit(void);
diff --git a/usr.sbin/ppp/ppp/alias_db.c b/usr.sbin/ppp/ppp/alias_db.c
index 32f142273df..5763358ea17 100644
--- a/usr.sbin/ppp/ppp/alias_db.c
+++ b/usr.sbin/ppp/ppp/alias_db.c
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: alias_db.c,v 1.22 2003/08/06 21:08:08 millert Exp $
+ * $OpenBSD: alias_db.c,v 1.23 2005/07/26 01:32:25 brad Exp $
  */
 
 /*
@@ -397,6 +397,8 @@ static int fireWallFD = -1;          /* File descriptor to be able to   */
                                      /* flag.                           */
 #endif
 
+unsigned int skinnyPort = 0;         /* TCP port used by the Skinny     */
+                                     /* protocol.                       */
 
 
 
@@ -2809,3 +2811,8 @@ PacketAliasSetFWBase(unsigned int base, unsigned int num) {
     fireWallNumNums = num;
 #endif
 }
+
+void
+PacketAliasSetSkinnyPort(unsigned int port) {
+    skinnyPort = port;
+}
diff --git a/usr.sbin/ppp/ppp/alias_local.h b/usr.sbin/ppp/ppp/alias_local.h
index 9e6dfeab80d..a34149ba05c 100644
--- a/usr.sbin/ppp/ppp/alias_local.h
+++ b/usr.sbin/ppp/ppp/alias_local.h
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: alias_local.h,v 1.14 2002/06/15 08:01:59 brian Exp $
+ * $OpenBSD: alias_local.h,v 1.15 2005/07/26 01:32:25 brad Exp $
  */
 
 /*
@@ -74,6 +74,7 @@
 /* Globals */
 
 extern int packetAliasMode;
+extern unsigned int skinnyPort;
 
 /* Prototypes */
 
@@ -212,6 +213,9 @@ int	 AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link,
 void	 AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link);
 void	 AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr);
 
+/* Skinny routines */
+void	 AliasHandleSkinny(struct ip *_pip, struct alias_link *_link);
+
 /* Transparent proxy routines */
 int	 ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr,
 	    u_short *_proxy_server_port);
diff --git a/usr.sbin/ppp/ppp/alias_skinny.c b/usr.sbin/ppp/ppp/alias_skinny.c
new file mode 100644
index 00000000000..f1b6a4ee7e8
--- /dev/null
+++ b/usr.sbin/ppp/ppp/alias_skinny.c
@@ -0,0 +1,338 @@
+/*-
+ * alias_skinny.c
+ *
+ * Copyright (c) 2002, 2003 MarcusCom, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * Author: Joe Marcus Clarke <marcus@FreeBSD.org>
+ *
+ * $OpenBSD: alias_skinny.c,v 1.1 2005/07/26 01:32:25 brad Exp $
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#include <unistd.h>
+
+#include "alias_local.h"
+
+/*
+ * alias_skinny.c handles the translation for the Cisco Skinny Station
+ * protocol.  Skinny typically uses TCP port 2000 to set up calls between
+ * a Cisco Call Manager and a Cisco IP phone.  When a phone comes on line,
+ * it first needs to register with the Call Manager.  To do this it sends
+ * a registration message.  This message contains the IP address of the
+ * IP phone.  This message must then be translated to reflect our global
+ * IP address.  Along with the registration message (and usually in the
+ * same packet), the phone sends an IP port message.  This message indicates
+ * the TCP port over which it will communicate.
+ *
+ * When a call is placed from the phone, the Call Manager will send an
+ * Open Receive Channel message to the phone to let the caller know someone
+ * has answered.  The phone then sends back an Open Receive Channel
+ * Acknowledgement.  In this packet, the phone sends its IP address again,
+ * and the UDP port over which the voice traffic should flow.  These values
+ * need translation.  Right after the Open Receive Channel Acknowledgement, 
+ * the Call Manager sends a Start Media Transmission message indicating the
+ * call is connected.  This message contains the IP address and UDP port 
+ * number of the remote (called) party.  Once this message is translated, the 
+ * call can commence.  The called part sends the first UDP packet to the
+ * calling phone at the pre-arranged UDP port in the Open Receive Channel
+ * Acknowledgement.
+ *
+ * Skinny is a Cisco-proprietary protocol and is a trademark of Cisco Systems,
+ * Inc.  All rights reserved.
+*/
+
+/* #define DEBUG 1 */
+
+/* Message types that need translating */
+#define REG_MSG         0x00000001
+#define IP_PORT_MSG     0x00000002
+#define OPNRCVCH_ACK    0x00000022
+#define START_MEDIATX   0x0000008a
+
+struct skinny_header {
+    u_int32_t       len;
+    u_int32_t       reserved;
+    u_int32_t       msgId;
+};
+
+struct RegisterMessage {
+    u_int32_t       msgId;
+    char            devName[16];
+    u_int32_t       uid;
+    u_int32_t       instance;
+    u_int32_t       ipAddr;
+    u_char          devType;
+    u_int32_t       maxStreams;
+};
+
+struct IpPortMessage {
+    u_int32_t       msgId;
+    u_int32_t       stationIpPort;  /* Note: Skinny uses 32-bit port
+                                     * numbers */
+};
+
+struct OpenReceiveChannelAck {
+    u_int32_t       msgId;
+    u_int32_t       status;
+    u_int32_t       ipAddr;
+    u_int32_t       port;
+    u_int32_t       passThruPartyID;
+};
+
+struct StartMediaTransmission {
+    u_int32_t       msgId;
+    u_int32_t       conferenceID;
+    u_int32_t       passThruPartyID;
+    u_int32_t       remoteIpAddr;
+    u_int32_t       remotePort;
+    u_int32_t       MSPacket;
+    u_int32_t       payloadCap;
+    u_int32_t       precedence;
+    u_int32_t       silenceSuppression;
+    u_short         maxFramesPerPacket;
+    u_int32_t       G723BitRate;
+};
+
+typedef enum {
+    ClientToServer = 0,
+    ServerToClient = 1
+} ConvDirection;
+
+
+static int
+alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip,
+                     struct tcphdr *tc, struct alias_link *link,
+                     ConvDirection direction)
+{
+  reg_msg->ipAddr = (u_int32_t) GetAliasAddress(link).s_addr;
+
+  tc->th_sum = 0;
+  tc->th_sum = TcpChecksum(pip);
+
+  return 0;
+}
+
+static int
+alias_skinny_startmedia(struct StartMediaTransmission *start_media,
+                        struct ip *pip, struct tcphdr *tc,
+                        struct alias_link *link, u_int32_t localIpAddr,
+                        ConvDirection direction)
+{
+  struct in_addr  dst, src;
+
+  dst.s_addr = start_media->remoteIpAddr;
+  src.s_addr = localIpAddr;
+
+  /* XXX I should probably handle in bound global translations as well. */
+
+  return 0;
+}
+
+static int
+alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
+                      struct tcphdr *tc, struct alias_link *link,
+                      ConvDirection direction)
+{
+  port_msg->stationIpPort = (u_int32_t) ntohs(GetAliasPort(link));
+
+  tc->th_sum = 0;
+  tc->th_sum = TcpChecksum(pip);
+
+  return 0;
+}
+
+static int
+alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
+                          struct ip * pip, struct tcphdr *tc,
+                          struct alias_link *link, u_int32_t *localIpAddr,
+                          ConvDirection direction)
+{
+  struct in_addr  null_addr;
+  struct alias_link *opnrcv_link;
+  u_int32_t localPort;
+
+  *localIpAddr = (u_int32_t) opnrcvch_ack->ipAddr;
+  localPort = opnrcvch_ack->port;
+
+  null_addr.s_addr = INADDR_ANY;
+  opnrcv_link = FindUdpTcpOut(pip->ip_src, null_addr,
+                              htons((u_short) opnrcvch_ack->port), 0,
+                              IPPROTO_UDP, 1);
+  opnrcvch_ack->ipAddr = (u_int32_t) GetAliasAddress(opnrcv_link).s_addr;
+  opnrcvch_ack->port = (u_int32_t) ntohs(GetAliasPort(opnrcv_link));
+
+  tc->th_sum = 0;
+  tc->th_sum = TcpChecksum(pip);
+
+  return 0;
+}
+
+void
+AliasHandleSkinny(struct ip *pip, struct alias_link *link)
+{
+  int             hlen, tlen, dlen;
+  struct tcphdr  *tc;
+  u_int32_t       msgId, len, t, lip;
+  struct skinny_header *sd;
+  int             orig_len, skinny_hdr_len = sizeof(struct skinny_header);
+  ConvDirection   direction;
+
+  tc = (struct tcphdr *) ((char *)pip + (pip->ip_hl << 2));
+  hlen = (pip->ip_hl + tc->th_off) << 2;
+  tlen = ntohs(pip->ip_len);
+  dlen = tlen - hlen;
+
+  sd = (struct skinny_header *) ((char *)pip + hlen);
+
+  /*
+   * XXX This direction is reserved for future use.  I still need to
+   * handle the scenario where the call manager is on the inside, and
+   * the calling phone is on the global outside.
+   */
+  if (ntohs(tc->th_dport) == skinnyPort) {
+    direction = ClientToServer;
+  } else if (ntohs(tc->th_sport) == skinnyPort) {
+    direction = ServerToClient;
+  } else {
+#ifdef DEBUG
+    fprintf(stderr,
+            "PacketAlias/Skinny: Invalid port number, not a Skinny packet\n");
+#endif
+    return;
+  }
+
+  orig_len = dlen;
+  /*
+   * Skinny packets can contain many messages.  We need to loop through
+   * the packet using len to determine message boundaries.  This comes
+   * into play big time with port messages being in the same packet as
+   * register messages.  Also, open receive channel acks are
+   * usually buried in a pakcet some 400 bytes long.
+   */
+  while (dlen >= skinny_hdr_len) {
+    len = (sd->len);
+    msgId = (sd->msgId);
+    t = len;
+
+    if (t < 0 || t > orig_len || t > dlen) {
+#ifdef DEBUG
+      fprintf(stderr,
+              "PacketAlias/Skinny: Not a skinny packet, invalid length \n");
+#endif
+      return;
+    }
+    switch (msgId) {
+      case REG_MSG:
+        {
+          struct RegisterMessage *reg_mesg;
+
+          if (len < sizeof(struct RegisterMessage)) {
+#ifdef DEBUG
+            fprintf(stderr,
+                    "PacketAlias/Skinny: Not a skinny packet, bad registration message\n");
+#endif
+            return;
+          }
+          reg_mesg = (struct RegisterMessage *) & sd->msgId;
+#ifdef DEBUG
+          fprintf(stderr,
+                  "PacketAlias/Skinny: Received a register message");
+#endif
+	  alias_skinny_reg_msg(reg_mesg, pip, tc, link, direction);
+        }
+        break;
+      case IP_PORT_MSG:
+        {
+          struct IpPortMessage *port_mesg;
+          if (len < sizeof(struct IpPortMessage)) {
+#ifdef DEBUG
+            fprintf(stderr,
+                    "PacketAlias/Skinny: Not a skinny packet, port message\n");
+#endif
+            return;
+          }
+#ifdef DEBUG
+          fprintf(stderr
+                  "PacketAlias/Skinny: Received ipport message\n");
+#endif
+          port_mesg = (struct IpPortMessage *) & sd->msgId;
+          alias_skinny_port_msg(port_mesg, pip, tc, link, direction);
+        }
+        break;
+      case OPNRCVCH_ACK:
+        {
+          struct OpenReceiveChannelAck *opnrcvchn_ack;
+
+          if (len < sizeof(struct OpenReceiveChannelAck)) {
+#ifdef DEBUG
+            fprintf(stderr,
+                    "PacketAlias/Skinny: Not a skinny packet, packet,OpnRcvChnAckMsg\n");
+#endif
+            return;
+          }
+#ifdef DEBUG
+          fprintf(stderr,
+                  "PacketAlias/Skinny: Received open rcv channel msg\n");
+#endif
+          opnrcvchn_ack = (struct OpenReceiveChannelAck *) & sd->msgId;
+          alias_skinny_opnrcvch_ack(opnrcvchn_ack, pip, tc, link, &lip, direction);
+        }
+        break;
+      case START_MEDIATX:
+        {
+          struct StartMediaTransmission *startmedia_tx;
+
+          if (len < sizeof(struct StartMediaTransmission)) {
+#ifdef DEBUG
+            fprintf(stderr,
+                    "PacketAlias/Skinny: Not a skinny packet,StartMediaTx Message\n");
+#endif
+            return;
+          }
+#ifdef DEBUG
+          fprintf(stderr,
+                  "PacketAlias/Skinny: Received start media trans msg\n");
+#endif
+           startmedia_tx = (struct StartMediaTransmission *) & sd->msgId;
+           alias_skinny_startmedia(startmedia_tx, pip, tc, link, lip, direction);
+         }
+         break;
+       default:
+         break;
+     }
+     /* Place the pointer at the next message in the packet. */
+     dlen -= len + (skinny_hdr_len - sizeof(msgId));
+     sd = (struct skinny_header *) (((char *)&sd->msgId) + len);
+   }
+}
diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c
index 7339faab7a9..e1cf71fd638 100644
--- a/usr.sbin/ppp/ppp/command.c
+++ b/usr.sbin/ppp/ppp/command.c
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: command.c,v 1.87 2005/07/18 22:51:03 brad Exp $
+ * $OpenBSD: command.c,v 1.88 2005/07/26 01:32:25 brad Exp $
  */
 
 #include <sys/param.h>
@@ -754,6 +754,8 @@ static struct cmdtab const NatCommands[] =
   {"punch_fw", NULL, nat_PunchFW, LOCAL_AUTH,
    "firewall control", "nat punch_fw [base count]"},
 #endif
+  {"skinny_port", NULL, nat_SkinnyPort, LOCAL_AUTH,
+   "TCP port used by Skinny Station protocol", "nat skinny_port [port]"},
   {"same_ports", NULL, NatOption, LOCAL_AUTH,
    "try to leave port numbers unchanged", "nat same_ports yes|no",
    (const void *) PKT_ALIAS_SAME_PORTS},
diff --git a/usr.sbin/ppp/ppp/nat_cmd.c b/usr.sbin/ppp/ppp/nat_cmd.c
index dc584ade7b5..8930884a819 100644
--- a/usr.sbin/ppp/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/ppp/nat_cmd.c
@@ -24,7 +24,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$OpenBSD: nat_cmd.c,v 1.25 2005/07/17 19:13:25 brad Exp $
+ *	$OpenBSD: nat_cmd.c,v 1.26 2005/07/26 01:32:25 brad Exp $
  */
 
 #include <sys/param.h>
@@ -470,6 +470,29 @@ nat_PunchFW(struct cmdargs const *arg)
 }
 #endif
 
+int
+nat_SkinnyPort(struct cmdargs const *arg)
+{
+  char *end;
+  long port;
+
+  if (arg->argc == arg->argn) {
+    PacketAliasSetSkinnyPort(0);
+    return 0;
+  }
+
+  if (arg->argc != arg->argn + 1)
+    return -1;
+
+  port = strtol(arg->argv[arg->argn], &end, 10);
+  if (*end != '\0' || port < 0)
+    return -1;
+
+  PacketAliasSetSkinnyPort(port);
+
+  return 0;
+}
+
 static struct mbuf *
 nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
                 int pri, u_short *proto)
diff --git a/usr.sbin/ppp/ppp/nat_cmd.h b/usr.sbin/ppp/ppp/nat_cmd.h
index 4df604c807e..ab6b9727d33 100644
--- a/usr.sbin/ppp/ppp/nat_cmd.h
+++ b/usr.sbin/ppp/ppp/nat_cmd.h
@@ -24,7 +24,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$OpenBSD: nat_cmd.h,v 1.8 2001/11/23 11:17:03 brian Exp $
+ *	$OpenBSD: nat_cmd.h,v 1.9 2005/07/26 01:32:25 brad Exp $
  */
 
 struct cmdargs;
@@ -37,5 +37,6 @@ extern int nat_SetTarget(struct cmdargs const *);
 #ifndef NO_FW_PUNCH
 extern int nat_PunchFW(struct cmdargs const *);
 #endif
+extern int nat_SkinnyPort(struct cmdargs const *);
 
 extern struct layer natlayer;
diff --git a/usr.sbin/ppp/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp/ppp.8.m4
index 9764c3df280..c2614de31cf 100644
--- a/usr.sbin/ppp/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp/ppp.8.m4
@@ -25,7 +25,7 @@ changecom(,)dnl
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ppp.8.m4,v 1.27 2005/07/25 19:55:32 brad Exp $
+.\" $OpenBSD: ppp.8.m4,v 1.28 2005/07/26 01:32:25 brad Exp $
 .\"
 .Dd September 20, 1995
 .Dt PPP 8
@@ -3905,6 +3905,14 @@ The range will be cleared when the
 command is run.
 .Pp
 If no arguments are given, firewall punching is disabled.
+.It nat skinny_port Op Ar port
+This command tells
+.Nm
+which TCP port is used by the Skinny Station protocol.  Skinny is used by
+Cisco IP phones to communicate with Cisco Call Managers to setup voice
+over IP calls.  The typical port used by Skinny is 2000.
+.Pp
+If no argument is given, skinny aliasing is disabled.
 .It Ic nat same_ports Ar yes | no
 When enabled, this command tells the network address translation engine to
 attempt to avoid changing the port number on outgoing packets.