| libalias.3 (131420) | libalias.3 (131504) |
|---|---|
| 1.\"- 2.\" Copyright (c) 2001 Charles Mott <cm@linktel.net> 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" | 1.\"- 2.\" Copyright (c) 2001 Charles Mott <cm@linktel.net> 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" |
| 26.\" $FreeBSD: head/sys/netinet/libalias/libalias.3 131420 2004-07-01 17:51:48Z ru $ | 26.\" $FreeBSD: head/sys/netinet/libalias/libalias.3 131504 2004-07-02 23:52:20Z ru $ |
| 27.\" 28.Dd January 17, 2004 29.Dt LIBALIAS 3 30.Os 31.Sh NAME 32.Nm libalias 33.Nd packet aliasing library for masquerading and network address translation 34.Sh SYNOPSIS --- 156 unchanged lines hidden (view full) --- 191This can be done as long as the quintuple (proto, alias addr, alias port, 192remote addr, remote port) is unique. 193If a conflict exists, a new aliasing port number is chosen even if this 194mode bit is set. 195.It Dv PKT_ALIAS_USE_SOCKETS 196This bit should be set when the packet aliasing host originates network 197traffic as well as forwards it. 198When the packet aliasing host is waiting for a connection from an unknown | 27.\" 28.Dd January 17, 2004 29.Dt LIBALIAS 3 30.Os 31.Sh NAME 32.Nm libalias 33.Nd packet aliasing library for masquerading and network address translation 34.Sh SYNOPSIS --- 156 unchanged lines hidden (view full) --- 191This can be done as long as the quintuple (proto, alias addr, alias port, 192remote addr, remote port) is unique. 193If a conflict exists, a new aliasing port number is chosen even if this 194mode bit is set. 195.It Dv PKT_ALIAS_USE_SOCKETS 196This bit should be set when the packet aliasing host originates network 197traffic as well as forwards it. 198When the packet aliasing host is waiting for a connection from an unknown |
| 199host address or unknown port number (e.g. an FTP data connection), this | 199host address or unknown port number (e.g.\& an FTP data connection), this |
| 200mode bit specifies that a socket be allocated as a place holder to prevent 201port conflicts. 202Once a connection is established, usually within a minute or so, the socket 203is closed. 204.It Dv PKT_ALIAS_UNREGISTERED_ONLY 205If this mode bit is set, traffic on the local network which does not 206originate from unregistered address spaces will be ignored. 207Standard Class A, B and C unregistered addresses are: --- 24 unchanged lines hidden (view full) --- 232`punch holes' in an 233.Xr ipfirewall 4 234based firewall for FTP/IRC DCC connections. 235The holes punched are bound by from/to IP address and port; it will not be 236possible to use a hole for another connection. 237A hole is removed when the connection that uses it dies. 238To cater to unexpected death of a program using 239.Nm | 200mode bit specifies that a socket be allocated as a place holder to prevent 201port conflicts. 202Once a connection is established, usually within a minute or so, the socket 203is closed. 204.It Dv PKT_ALIAS_UNREGISTERED_ONLY 205If this mode bit is set, traffic on the local network which does not 206originate from unregistered address spaces will be ignored. 207Standard Class A, B and C unregistered addresses are: --- 24 unchanged lines hidden (view full) --- 232`punch holes' in an 233.Xr ipfirewall 4 234based firewall for FTP/IRC DCC connections. 235The holes punched are bound by from/to IP address and port; it will not be 236possible to use a hole for another connection. 237A hole is removed when the connection that uses it dies. 238To cater to unexpected death of a program using 239.Nm |
| 240(e.g. kill -9), | 240(e.g.\& kill -9), |
| 241changing the state of the flag will clear the entire firewall range 242allocated for holes. 243This will also happen on the initial call to 244.Fn LibAliasSetFWBase . 245This call must happen prior to setting this flag. 246.It Dv PKT_ALIAS_REVERSE 247This option makes 248.Nm --- 306 unchanged lines hidden (view full) --- 555is called multiple times to add entries to the 556.Fa link Ns 's 557server pool. 558.Pp 559For links created with 560.Fn LibAliasRedirectAddr , 561the 562.Fa port | 241changing the state of the flag will clear the entire firewall range 242allocated for holes. 243This will also happen on the initial call to 244.Fn LibAliasSetFWBase . 245This call must happen prior to setting this flag. 246.It Dv PKT_ALIAS_REVERSE 247This option makes 248.Nm --- 306 unchanged lines hidden (view full) --- 555is called multiple times to add entries to the 556.Fa link Ns 's 557server pool. 558.Pp 559For links created with 560.Fn LibAliasRedirectAddr , 561the 562.Fa port |
| 563argument is ignored and could have any value, e.g. htons(~0). | 563argument is ignored and could have any value, e.g.\& htons(~0). |
| 564.Pp 565This function returns 0 on success, \-1 otherwise. 566.Ed 567.Pp 568.Ft int 569.Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link" 570.Bd -ragged -offset indent 571This function marks the specified static redirect rule entered by 572.Fn LibAliasRedirectPort 573as dynamic. | 564.Pp 565This function returns 0 on success, \-1 otherwise. 566.Ed 567.Pp 568.Ft int 569.Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link" 570.Bd -ragged -offset indent 571This function marks the specified static redirect rule entered by 572.Fn LibAliasRedirectPort 573as dynamic. |
| 574This can be used to e.g. dynamically redirect a single TCP connection, | 574This can be used to e.g.\& dynamically redirect a single TCP connection, |
| 575after which the rule is removed. 576Only fully specified links can be made dynamic. 577(See the 578.Sx STATIC AND DYNAMIC LINKS 579and 580.Sx PARTIALLY SPECIFIED ALIASING LINKS | 575after which the rule is removed. 576Only fully specified links can be made dynamic. 577(See the 578.Sx STATIC AND DYNAMIC LINKS 579and 580.Sx PARTIALLY SPECIFIED ALIASING LINKS |
| 581sections below for a definition of static vs. dynamic, 582and partially vs. fully specified links.) | 581sections below for a definition of static vs.\& dynamic, 582and partially vs.\& fully specified links.) |
| 583.Pp 584This function returns 0 on success, \-1 otherwise. 585.Ed 586.Pp 587.Ft void 588.Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link" 589.Bd -ragged -offset indent 590This function will delete a specific static redirect rule entered by --- 282 unchanged lines hidden (view full) --- 873An outgoing packet, which has already been aliased, 874has its private address/port information restored by this function. 875The IP packet is pointed to by 876.Fa buffer , 877and 878.Fa maxpacketsize 879is provided for error checking purposes. 880This function can be used if an already-aliased packet needs to have its | 583.Pp 584This function returns 0 on success, \-1 otherwise. 585.Ed 586.Pp 587.Ft void 588.Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link" 589.Bd -ragged -offset indent 590This function will delete a specific static redirect rule entered by --- 282 unchanged lines hidden (view full) --- 873An outgoing packet, which has already been aliased, 874has its private address/port information restored by this function. 875The IP packet is pointed to by 876.Fa buffer , 877and 878.Fa maxpacketsize 879is provided for error checking purposes. 880This function can be used if an already-aliased packet needs to have its |
| 881original IP header restored for further processing (eg. logging). | 881original IP header restored for further processing (e.g.\& logging). |
| 882.Ed 883.Sh BUGS 884PPTP aliasing does not work when more than one internal client 885connects to the same external server at the same time, because 886PPTP requires a single TCP control connection to be established 887between any two IP addresses. 888.Sh AUTHORS 889.An Charles Mott Aq cm@linktel.net , --- 129 unchanged lines hidden --- | 882.Ed 883.Sh BUGS 884PPTP aliasing does not work when more than one internal client 885connects to the same external server at the same time, because 886PPTP requires a single TCP control connection to be established 887between any two IP addresses. 888.Sh AUTHORS 889.An Charles Mott Aq cm@linktel.net , --- 129 unchanged lines hidden --- |