author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-04-24 18:10:26 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-04-24 18:10:26 +0000 |
commit | 1a804d4f9927039663cbdd8465f7dd1d19d99545 (patch) | |
tree | 37435a89152b1d4c3879651990532ff6a1ad89a2 /share/man/man5 | |
parent | 785a8619f7687670e72618ee146902fc4cf704e5 (diff) |
Add dynamic (in-kernel) interface name -> address translation. Instead of
using just the interface name in place of an address and reloading the rule
set whenever the interface changes its address, the interface name can be
put in parentheses, and the kernel will keep track of changes and update
rules. There is no additional cost for evaluating rules (per packet),
the cost occurs when an interface changes address (and the rules are
traversed and updated where necessary).
Diffstat (limited to 'share/man/man5')
-rw-r--r-- | share/man/man5/nat.conf.5 | 20 | ||||
-rw-r--r-- | share/man/man5/pf.conf.5 | 22 |
2 files changed, 19 insertions, 23 deletions
diff --git a/share/man/man5/nat.conf.5 b/share/man/man5/nat.conf.5
index 3b3bec24c03..2930f525c55 100644
--- a/share/man/man5/nat.conf.5
+++ b/share/man/man5/nat.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nat.conf.5,v 1.23 2002/02/27 15:15:29 dhartmei Exp $
+.\" $OpenBSD: nat.conf.5,v 1.24 2002/04/24 18:10:25 dhartmei Exp $
 .\"
 .\" Copyright (c) 2001 Ian Darwin. All rights reserved.
 .\"
@@ -119,11 +119,9 @@ set load-time.
 When the address of an interface (or host name) changes (by DHCP or PPP,
 for instance), the rule set must be reloaded for the change to be
 reflected in the kernel.
-See
-.Xr dhclient-script 8
-or
-.Xr ppp 8
-for information on how to automate this task.
+Interface names surrounded by parentheses cause an automatic update of
+the rule whenever the referenced interface changes its address.
+Reloading the rule set is not required in this case.
 If specified,
 .Em mask-bits
 refers to the number of bits in the netmask.
@@ -191,23 +189,21 @@ listening for outbound ftp sessions captured to port 8081.
 # translate outgoing packets' source addresses (any protocol)
 # in my case, any address but the gateway's external address is mapped
 #
-nat on kue0 from ! 157.161.48.183 to any -> 157.161.48.183
+nat on kue0 from ! (kue0) to any -> (kue0)
 
 # BINAT
 # translate outgoing packets' source address (any protocol)
 # translate incoming packets' destination address to an internal machine
 # (bidirectional)
-binat on kue0 from 10.1.2.150 to any -> 157.161.48.184
+binat on kue0 from 10.1.2.150 to any -> (kue0)
 
 # RDR
 # translate incoming packets' destination addresses
 # as an example, redirect a TCP and UDP port to an internal machine
 # NOTE: the lines below are split for readability
 #
-rdr on kue0 proto tcp from any to 157.161.48.183/32 port 8080 \e
- -> 10.1.2.151 port 22
-rdr on kue0 proto udp from any to 157.161.48.183/32 port 8080 \e
- -> 10.1.2.151 port 53
+rdr on kue0 proto tcp from any to (kue0) port 8080 -> 10.1.2.151 port 22
+rdr on kue0 proto udp from any to (kue0) port 8080 -> 10.1.2.151 port 53
 
 # RDR
 # translate outgoing ftp control connections to send them to localhost
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 19c996c8969..d867b13dcf1 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.39 2002/04/23 14:32:23 dhartmei Exp $
+.\" $OpenBSD: pf.conf.5,v 1.40 2002/04/24 18:10:25 dhartmei Exp $
 .\"
 .\" Copyright (c) 2001, Daniel Hartmeier
 .\" All rights reserved.
@@ -68,12 +68,14 @@ af = "inet" | "inet6" .
 proto-list = ( proto-name | proto-number ) [ "," proto-list ] .
 hosts = "all" |
- "from" ( "any" | "no-route" | host | "{" host-list "}" ) [ port ]
- "to" ( "any" | "no-route" | host | "{" host-list "}" ) [ port ] .
+ "from" ( "any" | "no-route" | host | "{" host-list "}" )
+ [ port ]
+ "to" ( "any" | "no-route" | host | "{" host-list "}" )
+ [ port ] .
 host = [ "!" ] address [ "/" mask-bits ] .
-address = ( interface-name | host-name | ipv4-dotted-quad |
- ipv6-coloned-hex ) .
+address = ( interface-name | '(' interface-name ')' | host-name |
+ ipv4-dotted-quad | ipv6-coloned-hex ) .
 host-list = host [ "," host-list ] .
 port = "port" ( unary-op | binary-op | "{" port-list "}" ) .
 port-list = ( unary-op | binary-op ) [ "," port-list ] .
@@ -228,15 +230,13 @@ means any address which is not currently routable.
 .El
 .Pp
 Host name resolution and interface to address translation are done at
-rule set load-time.
+rule set load-time.
 When the address of an interface (or host name) changes (by DHCP or PPP,
 for instance), the rule set must be reloaded for the change to be
 reflected in the kernel.
-See
-.Xr dhclient-script 8
-or
-.Xr ppp 8
-for information on how to automate this task.
+Interface names surrounded by parentheses cause an automatic update of
+the rule whenever the referenced interface changes its address.
+Reloading the rule set is not required in this case.
 .Pp
 Ports can be specified using these operators
 .Bd -literal