#
315456 |
|
17-Mar-2017 |
vangyzen |
MFC r313821 r315277 r315286
Use inet_ntoa_r() instead of inet_ntoa() throughout the kernel.
inet_ntoa() cannot be used safely in a multithreaded environment because it uses a static local buffer. Instead, use inet_ntoa_r() with a buffer on the caller's stack, except for KTR messages. KTR can correctly log the immediate integral values passed to it, as well as constant strings, but not non-constant strings, since they might change by the time ktrdump retrieves them. Therefore, use hex notation in KTR messages.
Sponsored by: Dell EMC
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
298995 |
|
03-May-2016 |
pfg |
sys/net*: minor spelling fixes.
No functional change.
|
#
223437 |
|
22-Jun-2011 |
ae |
Export AddLink() function from libalias. It can be used when custom alias address needs to be specified. Add inbound handler to the alias_ftp module. It helps handle active FTP transfer mode for the case with external clients and FTP server behind NAT. Fix passive FTP transfer case for server behind NAT using redirect with external IP address different from NAT ip address.
PR: kern/157957
Submitted by: Alexander V. Chernikov
|
#
188294 |
|
07-Feb-2009 |
piso |
Add SCTP NAT support.
Submitted by: CAIA (http://caia.swin.edu.au)
|
#
179480 |
|
01-Jun-2008 |
mav |
Increase LINK_TABLE_OUT_SIZE from 101 to 4001 like LINK_TABLE_IN_SIZE to reduce performance degradation under heavy outgoing scan/flood. Scalability is now much more important than several kilobytes of RAM.
Remove unneeded TCP-specific expiration handling. Before this connected TCP sessions could never expire. Now connected TCP sessions will expire after 24 hours of inactivity.
Simplify HouseKeeping() to avoid several mul/div-s per packet. Taking into account increased LINK_TABLE_OUT_SIZE, precision is still much more than required.
|
#
176884 |
|
06-Mar-2008 |
piso |
MFP4: restrict the utilization of direct pointers to the content of ip packet. These modifications are functionally nop()s thus can be merged with no side effects.
|
#
165243 |
|
15-Dec-2006 |
piso |
o made in kernel libalias mpsafe
o fixed a comment
o made in kernel libalias a bit less verbose (disabled automatic logging every time a new link is added or deleted)
Approved by: glebius (mentor)
|
#
162674 |
|
26-Sep-2006 |
piso |
Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more hardcoded inside libalias, but it's available through external modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp, skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running the new libalias will try to read a file in /etc called libalias.conf: that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd: if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat: if you are using ng_nat, and it doesn't correctly handle ftp/irc/etcetc sessions anymore, remember to kldload the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available in the libalias man page under the section 'MODULAR ARCHITECTURE (AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
|
#
147623 |
|
27-Jun-2005 |
glebius |
Disable checksum processing in LibAlias, when it works as a kernel module. LibAlias is not aware of checksum offloading, so the caller should provide checksum calculation. (The only current consumer is ng_nat(4)). When TCP packet internals have been changed and it requires checksum recalculation, a cookie is set in th_x2 field of TCP packet, to inform caller that it needs to recalculate checksum. This ugly hack would be removed when LibAlias is made more kernel friendly.
Incremental checksum updates are left as is, since they don't conflict with offloading.
Approved by: re (scottl)
|
#
145927 |
|
05-May-2005 |
glebius |
Things required to build libalias as kernel module:
- kernel module declarations and handler.
- macros to map malloc(3) calls to malloc(9) ones.
- malloc(9) declarations.
- call finishoff() from module handler MOD_UNLOAD case instead of atexit(3).
- use panic(9) instead of abort(3)
- take time from time_second instead of gettimeofday(2)
- define INADDR_NONE
|
#
145925 |
|
05-May-2005 |
glebius |
Add NO_LOGGING knob, which cuts off functionality of debug logging to a file.
|
#
131699 |
|
06-Jul-2004 |
des |
Introduce inline {ip,udp,tcp}_next() functions which take a pointer to an {ip,udp,tcp} header and return a void * pointing to the payload (i.e. the first byte past the end of the header and any required padding). Use them consistently throughout libalias to a) reduce code duplication, b) improve code legibility, c) get rid of a bunch of alignment warnings.
|
#
131614 |
|
05-Jul-2004 |
des |
Make libalias WARNS?=6-clean. This mostly involves renaming variables named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing signed / unsigned comparisons, and shoving unused function arguments under the carpet.
I was hoping WARNS?=6 might reveal more serious problems, and perhaps the source of the -O2 breakage, but found no smoking gun.
|
#
127689 |
|
31-Mar-2004 |
des |
Deal with aliasing warnings.
Reviewed by: ru
Approved by: silence on the lists
|
#
127094 |
|
16-Mar-2004 |
des |
Run through indent(1) so I can read the code without getting a headache. The result isn't quite knf, but it's knfer than the original, and far more consistent.
|
#
124621 |
|
17-Jan-2004 |
phk |
Mostly mechanical rework of libalias:
Makes it possible to have multiple packet aliasing instances in a single process by moving all static and global variables into an instance structure called "struct libalias".
Redefine a new API based on s/PacketAlias/LibAlias/g
Add new "instance" argument to all functions in the new API.
Implement old API in terms of the new API.
|
#
120372 |
|
23-Sep-2003 |
marcus |
Add Cisco Skinny Station protocol support to libalias, natd, and ppp. Skinny is the protocol used by Cisco IP phones to talk to Cisco Call Managers. With this code, one can use a Cisco IP phone behind a FreeBSD NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported. More information on enabling Skinny support in libalias, natd, and ppp can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
|
#
99207 |
|
01-Jul-2002 |
brian |
Remove trailing whitespace
|
#
85964 |
|
03-Nov-2001 |
brian |
cmott@scientech.com -> cm@linktel.net
Requested by: Charles Mott <cmott@scientech.com>
|
#
77701 |
|
04-Jun-2001 |
brian |
Add BSD-style copyright headers
Approved by: Charles Mott <cmott@scientech.com>
|
#
77485 |
|
30-May-2001 |
ru |
Add an integer field to keep protocol-specific flags with links.
For FTP control connection, keep the CRLF end-of-line termination status in there.
Fixed the bug when the first FTP command in a session was ignored.
PR: 24048
MFC after: 1 week
|
#
74778 |
|
25-Mar-2001 |
brian |
Make header files conform to style(9).
Reviewed by (*): bde
(*) alias_local.h only got a cursory glance.
|
#
67980 |
|
30-Oct-2000 |
ru |
Added boolean argument to link searching functions, indicating whether they should create a link if lookup has failed or not.
|
#
67966 |
|
30-Oct-2000 |
ru |
A significant rewrite of PPTP aliasing code.
PPTP links are no longer dropped by simple (and inappropriate in this case) "inactivity timeout" procedure, only when requested through the control connection.
It is now possible to have multiple PPTP servers running behind NAT. Just redirect the incoming TCP traffic to port 1723, everything else is done transparently.
Problems were reported and the fix was tested by: Michael Adler <Michael.Adler@compaq.com>, David Andersen <dga@lcs.mit.edu>
|
#
63899 |
|
26-Jul-2000 |
archie |
Add address translation support for RTSP/RTP used by RealPlayer and Quicktime streaming media applications.
Add a BUGS section to the man page.
Submitted by: Erik Salander <erik@whistle.com>
|
#
61861 |
|
20-Jun-2000 |
ru |
Added true support for PPTP aliasing. Some nice features include:
- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP port 1723 to a local machine. Multiple servers behind NAT is possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>
|
#
61677 |
|
14-Jun-2000 |
ru |
- Added support for passive mode FTP by aliasing 227 replies. It does mean that it is now possible to run passive-mode FTP server behind NAT.
- SECURITY: FTP aliasing engine now ensures that:
  o the segment preceding a PORT/227 segment terminates with a \r\n;
  o the IP address in the PORT/227 matches the source IP address of the packet;
  o the port number in the PORT command or 277 reply is greater than or equal to 1024.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
|
#
59726 |
|
28-Apr-2000 |
ru |
Replace PacketAliasRedirectPptp() (which had nothing specific to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that no one has started using PacketAliasRedirectPptp() yet.
|
#
59356 |
|
18-Apr-2000 |
ru |
Add support for multiple PPTP sessions:
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.
|
#
59046 |
|
05-Apr-2000 |
ru |
- Moved NULL definition into private include file.
- Minor spelling fixes.
|
#
50597 |
|
29-Aug-1999 |
billf |
Add $FreeBSD$ and spell Eklund properly.
Approved by: brian (well, he approved adding $Id$)
|
#
45008 |
|
24-Mar-1999 |
brian |
Add a ``const'' and remove some inconsistent prototype args.
|
#
44307 |
|
27-Feb-1999 |
brian |
Version 3.0: January 1, 1999
- Transparent proxying support added.
- PPTP redirecting support added based on patches contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Submitted by: Charles Mott <cmott@srv.net>
|
#
41759 |
|
14-Dec-1998 |
dillon |
Reviewed by: freebsd-current
Add bounds checking to netbios NS packet resolving code. This should prevent natd from crashing on badly formed netbios packets (as might be heard when the machine is sitting on a cable modem or certain DSL networks), and also closes potential security holes that might have exploited the lack of bounds checking in the previous version of the code.
|
#
37131 |
|
24-Jun-1998 |
brian |
Add CUSEEME support. This has *not* been tested, nor could I find anyone to test it, so please report any problems to me.
|
#
36711 |
|
06-Jun-1998 |
brian |
Don't call PunchFWHole() ifdef NO_FW_PUNCH
Pointed out by: "Steve Sims" <SimsS@IBM.Net>
|
#
36321 |
|
24-May-1998 |
amurai |
Primary version of NetBIOS over TCP/IP. Now you can connect Windows DOMAIN as DOMAIN user through NAT function. See also RFC1002 for further detail of SMB structure.
Submitted by: Atsushi Murai <amurai@spec.co.jp>
|
#
32377 |
|
09-Jan-1998 |
eivind |
Teach libalias to work with IPFW firewalls (controlled by a flag).
Obtained from: Yes development tree (+ 10 lines of patches from Charles Mott, original libalias author)
|
#
27864 |
|
03-Aug-1997 |
brian |
Update to version 2.2. Only the PacketAlias*() functions should now be used. The old 2.1 stuff is there for backwards compatibility.
Submitted by: Charles Mott <cmott@snake.srv.net>
|
#
26026 |
|
23-May-1997 |
brian |
Create the alias library. This is currently only used by ppp (or will be shortly). Natd can now be updated to use this library rather than carrying its own version of the code.
Submitted by: Charles Mott <cmott@srv.net>
|