| Commit message (Collapse) | Author | Age | Files | Lines |
| |
socket: it should only look for existing translation entries,
not create new ones (no matter how it got the idea).
Approved by: re(scottl)
Notes:
svn path=/head/; revision=147636
| |
Notes:
svn path=/head/; revision=145932
| |
library and kernel module.
Notes:
svn path=/head/; revision=145921
| |
libalias.
In /usr/src/lib/libalias/alias.c, the functions LibAliasIn and
LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut instead
of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE option is set.
In this case, the context variable "la" gets lost because the legacy
compatibility routines expect "la" to be global. This was obviously
an oversight when rewriting the PacketAlias* functions to the
LibAlias* functions.
The fix (as shown in the patch below) is to remove the legacy
subroutine calls and replace with the new ones using the "la" struct
as the first arg.
Submitted by: Gil Kloepfer <fgil@kloepfer.org>
Confirmed by: <nicolai@catpipe.net>
PR: 76839
MFC after: 3 days
Notes:
svn path=/head/; revision=144666
| |
Notes:
svn path=/head/; revision=133719
| |
{ip,udp,tcp} header and return a void * pointing to the payload (i.e. the
first byte past the end of the header and any required padding). Use them
consistently throughout libalias to a) reduce code duplication, b) improve
code legibility, c) get rid of a bunch of alignment warnings.
Notes:
svn path=/head/; revision=131699
| |
a short pointer. The previous implementation seems to be in a gray zone
of the C standard, and GCC generates incorrect code for it at -O2 or
higher on some platforms.
Notes:
svn path=/head/; revision=131693
| |
named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing
signed / unsigned comparisons, and shoving unused function arguments
under the carpet.
I was hoping WARNS?=6 might reveal more serious problems, and perhaps
the source of the -O2 breakage, but found no smoking gun.
Notes:
svn path=/head/; revision=131614
| |
Notes:
svn path=/head/; revision=131613
| |
Notes:
svn path=/head/; revision=131612
| |
does not create a new entry if none is found.
Notes:
svn path=/head/; revision=131566
| |
Reported and submitted by: Sean McNeil (sean at mcneil.com)
Notes:
svn path=/head/; revision=127757
| |
Reviewed by: ru
Approved by: silence on the lists
Notes:
svn path=/head/; revision=127689
| |
The result isn't quite knf, but it's knfer than the original, and far
more consistent.
Notes:
svn path=/head/; revision=127094
| |
Makes it possible to have multiple packet aliasing instances in a
single process by moving all static and global variables into an
instance structure called "struct libalias".
Redefine a new API based on s/PacketAlias/LibAlias/g
Add new "instance" argument to all functions in the new API.
Implement old API in terms of the new API.
Notes:
svn path=/head/; revision=124621
| |
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
Notes:
svn path=/head/; revision=120372
| |
original source IP address, as promised in the manual page.
Spotted by: Vaclav Petricek
Notes:
svn path=/head/; revision=116315
| |
IP datagram embedded into ICMP error message.
Spotted by: tcpdump 3.7.1 (-vvv)
MFC after: 3 days
Notes:
svn path=/head/; revision=100537
| |
Notes:
svn path=/head/; revision=99207
| |
option -- TcpAliasOut() did not catch the IP header length change.
Submitted by: Stepachev Andrey <aka50@mail.ru>
Notes:
svn path=/head/; revision=88132
| |
Requested by: Charles Mott <cmott@scientech.com>
Notes:
svn path=/head/; revision=85964
| |
Notes:
svn path=/head/; revision=84195
| |
Submitted by: Joe Clarke <marcus@marcuscom.com>
MFC after: 2 weeks
Notes:
svn path=/head/; revision=82069
| |
Previously approved by: Charles Mott <cmott@scientech.com>
Notes:
svn path=/head/; revision=82001
| |
Approved by: Charles Mott <cmott@scientech.com>
Notes:
svn path=/head/; revision=77701
| |
Reviewed by (*): bde
(*) alias_local.h only got a cursory glance.
Notes:
svn path=/head/; revision=74778
| |
whether they should create a link if lookup has failed or not.
Notes:
svn path=/head/; revision=67980
| |
PPTP links are no longer dropped by simple (and inappropriate in this
case) "inactivity timeout" procedure, only when requested through the
control connection.
It is now possible to have multiple PPTP servers running behind NAT.
Just redirect the incoming TCP traffic to port 1723, everything else
is done transparently.
Problems were reported and the fix was tested by:
Michael Adler <Michael.Adler@compaq.com>,
David Andersen <dga@lcs.mit.edu>
Notes:
svn path=/head/; revision=67966
| |
Notes:
svn path=/head/; revision=66545
| |
datagram embedded into ICMP error message, not with protocol
field of ICMP message itself (which is always IPPROTO_ICMP).
Pointed by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=65332
| |
not alias `ip_src' unless it comes from the host an original
datagram that triggered this error message was destined for.
PR: 20712
Reviewed by: brian, Charles Mott <cmott@scientech.com>
Notes:
svn path=/head/; revision=65317
| |
This makes outgoing ICMP echo/timestamp replies to be de-aliased
with the right source IP, not exactly the primary aliasing IP.
Notes:
svn path=/head/; revision=65280
| |
Quicktime streaming media applications.
Add a BUGS section to the man page.
Submitted by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=63899
| |
- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP
port 1723 to a local machine. Multiple servers behind NAT is
possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of
the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=61861
| |
to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that no one
has started using PacketAliasRedirectPptp() yet.
Notes:
svn path=/head/; revision=59726
| |
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.
Notes:
svn path=/head/; revision=59356
| |
- Minor spelling fixes.
- Make IcmpAliasOut2() really work.
Before this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49562 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] A.A.A.A -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49562 > P.P.P.P.50000: udp 3
A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable
After this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49563 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] P.P.P.P -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49563 > P.P.P.P.50000: udp 3
P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable
Notes:
svn path=/head/; revision=59047
| |
Requested by: eivind
Discussed with: eivind
Reviewed by: brian, eivind
Notes:
svn path=/head/; revision=51125
| |
In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.
PR: 13639
Reviewed by: brian
Notes:
svn path=/head/; revision=51107
| |
Approved by: brian (well, he approved adding $Id$)
Notes:
svn path=/head/; revision=50597
| |
product and Windows NT tunneling.
Submitted by: Chain Lee <chain@nortelnetworks.com>
Notes:
svn path=/head/; revision=50194
| |
is set.
Document PKT_ALIAS_REVERSE.
Pointed out by: Jonathan Hanna <jh@cr1003333-a.crdva1.bc.home.com>
PR: 12304
Notes:
svn path=/head/; revision=48102
| |
Reviewed by: eivind
Notes:
svn path=/head/; revision=44979
| |
- Transparent proxying support added.
- PPTP redirecting support added based on patches
contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Submitted by: Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=44307
| |
Add bounds checking to netbios NS packet resolving code. This should
prevent natd from crashing on badly formed netbios packets (as might be
heard when the machine is sitting on a cable modem or certain DSL
networks), and also closes potential security holes that might have
exploited the lack of bounds checking in the previous version of the
code.
Notes:
svn path=/head/; revision=41759
| |
could I find anyone to test it, so please report any
problems to me.
Notes:
svn path=/head/; revision=37131
| |
Notes:
svn path=/head/; revision=36834
| |
DOMAIN as DOMAIN user through NAT function. See also RFC1002 for
further detail of SMB structure.
Submitted by: Atsushi Murai <amurai@spec.co.jp>
Notes:
svn path=/head/; revision=36321
| |
(and those of us that don't want the functionality).
o Don't assume sizeof(long) == 4.
Ok'd by: Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=35314
| |
Obtained from: Yes development tree (+ 10 lines of patches from
Charles Mott, original libalias author)
Notes:
svn path=/head/; revision=32377