#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
259865 |
|
25-Dec-2013 |
glebius |
It'll be okay to use LibAliasDetachHandlers() here, relying on the fact that all handlers come from modules' bss and are followed by NODIR handler.
|
#
248416 |
|
17-Mar-2013 |
glebius |
In m_megapullup() instead of reserving some space at the end of packet, m_align() it, reserving space to prepend data.
Reviewed by: mav
|
#
248207 |
|
12-Mar-2013 |
glebius |
Functions m_getm2() and m_get2() have different order of arguments, and that can drive someone crazy. While m_get2() is young and not documented yet, change its order of arguments to match m_getm2().
Sorry for churn, but better now than later.
|
#
246130 |
|
30-Jan-2013 |
glebius |
Utilize m_get2() to get mbuf of appropriate size.
|
#
243882 |
|
05-Dec-2012 |
glebius |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched
- sys/mbuf.h edited manually
|
#
214754 |
|
03-Nov-2010 |
n_hibma |
Don't spam the console with loaded modules during boot and/or during startup of ppp.
Note: This cannot be hidden behind bootverbose as this file is included from lib/libalias as well.
|
#
198539 |
|
28-Oct-2009 |
brueffer |
Close a stream file descriptor leak.
PR: 138130
Submitted by: Patroklos Argyroudis <argp@census-labs.com>
MFC after: 1 week
|
#
190941 |
|
11-Apr-2009 |
piso |
What's the point of adjusting a checksum if we are going to toss the packet? Anticipate the check/return code.
|
#
190938 |
|
11-Apr-2009 |
piso |
Plug two bugs introduced with modules conversion:
-UdpAliasIn(): correctly check return code after modules ran.
-alias_nbt: in case of malformed packets (or some other unrecoverable error), toss the packet.
|
#
190935 |
|
11-Apr-2009 |
piso |
Remove stale comments.
|
#
188294 |
|
07-Feb-2009 |
piso |
Add SCTP NAT support.
Submitted by: CAIA (http://caia.swin.edu.au)
|
#
179920 |
|
21-Jun-2008 |
mav |
Implement UDP transparent proxy support.
PR: bin/54274
Submitted by: Nicolai Petri <nicolai@petri.cc>
|
#
179478 |
|
01-Jun-2008 |
mav |
Make m_megapullup() more intelligent:
- to increase performance do not reallocate mbuf when possible,
- to support up to 16K packets (was 2K max) use mbuf cluster of proper size.
This change depends on recent ng_nat and ip_fw_nat changes.
|
#
179472 |
|
01-Jun-2008 |
mav |
Fix packet fragmentation support broken by copy/paste error in rev.1.60. ip_id should be u_short, but not u_char.
|
#
178730 |
|
02-May-2008 |
marck |
Fix build, together with a bit of style breakage.
|
#
177098 |
|
12-Mar-2008 |
piso |
-Don't pass down the entire pkt to ProtoAliasIn, ProtoAliasOut, FragmentIn and FragmentOut.
-Axe the old PacketAlias API: it has been deprecated since 5.x.
|
#
176884 |
|
06-Mar-2008 |
piso |
MFP4: restrict the utilization of direct pointers to the content of ip packet. These modifications are functionally nop()s thus can be merged with no side effects.
|
#
165243 |
|
15-Dec-2006 |
piso |
o made in kernel libalias mpsafe
o fixed a comment
o made in kernel libalias a bit less verbose (disabled automatic logging every time a new link is added or deleted)
Approved by: glebius (mentor)
|
#
164798 |
|
01-Dec-2006 |
piso |
Make libalias.conf parsing a bit smarter. This closes PR kern/106112.
While here, add mbuf's #includes I forgot in the previous commit.
Approved by: gleb
|
#
164797 |
|
01-Dec-2006 |
piso |
Remove m_megapullup from ng_nat and put it under libalias.
Approved by: gleb
|
#
162674 |
|
26-Sep-2006 |
piso |
Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more hardcoded inside libalias, but it's available through external modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp, skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running the new libalias will try to read a file in /etc called libalias.conf: that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd: if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat: if you are using ng_nat, and it doesn't correctly handle ftp/irc/etcetc sessions anymore, remember to kldload the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available in the libalias man page under the section 'MODULAR ARCHITECTURE (AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
|
#
147636 |
|
27-Jun-2005 |
phk |
Libalias incorrectly applies proxy rules to the global divert socket: it should only look for existing translation entries, not create new ones (no matter how it got the idea).
Approved by: re(scottl)
|
#
145932 |
|
05-May-2005 |
glebius |
Always include alias.h before alias_local.h
|
#
145921 |
|
05-May-2005 |
glebius |
Play with includes so that libalias can be compiled both as userland library and kernel module.
|
#
144666 |
|
05-Apr-2005 |
phk |
natd core dumps when -reverse switch is used because of a bug in libalias.
In /usr/src/lib/libalias/alias.c, the functions LibAliasIn and LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut instead of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE option is set. In this case, the context variable "la" gets lost because the legacy compatibility routines expect "la" to be global. This was obviously an oversight when rewriting the PacketAlias* functions to the LibAlias* functions.
The fix (as shown in the patch below) is to remove the legacy subroutine calls and replace with the new ones using the "la" struct as the first arg.
Submitted by: Gil Kloepfer <fgil@kloepfer.org>
Confirmed by: <nicolai@catpipe.net>
PR: 76839
MFC after: 3 days
|
#
133719 |
|
14-Aug-2004 |
phk |
Fix outgoing ICMP on global instance.
|
#
131699 |
|
06-Jul-2004 |
des |
Introduce inline {ip,udp,tcp}_next() functions which take a pointer to an {ip,udp,tcp} header and return a void * pointing to the payload (i.e. the first byte past the end of the header and any required padding). Use them consistently throughout libalias to a) reduce code duplication, b) improve code legibility, c) get rid of a bunch of alignment warnings.
|
#
131693 |
|
06-Jul-2004 |
des |
Rewrite twowords() to access its argument through a char pointer and not a short pointer. The previous implementation seems to be in a gray zone of the C standard, and GCC generates incorrect code for it at -O2 or higher on some platforms.
|
#
131614 |
|
05-Jul-2004 |
des |
Make libalias WARNS?=6-clean. This mostly involves renaming variables named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing signed / unsigned comparisons, and shoving unused function arguments under the carpet.
I was hoping WARNS?=6 might reveal more serious problems, and perhaps the source of the -O2 breakage, but found no smoking gun.
|
#
131613 |
|
05-Jul-2004 |
des |
Parenthesize return values.
|
#
131612 |
|
05-Jul-2004 |
des |
Mechanical whitespace cleanup.
|
#
131566 |
|
04-Jul-2004 |
phk |
Add LibAliasOutTry() which checks a packet for a hit in the tables, but does not create a new entry if none is found.
|
#
127757 |
|
02-Apr-2004 |
deischen |
Unbreak natd.
Reported and submitted by: Sean McNeil (sean at mcneil.com)
|
#
127689 |
|
31-Mar-2004 |
des |
Deal with aliasing warnings.
Reviewed by: ru
Approved by: silence on the lists
|
#
127094 |
|
16-Mar-2004 |
des |
Run through indent(1) so I can read the code without getting a headache. The result isn't quite knf, but it's knfer than the original, and far more consistent.
|
#
124621 |
|
17-Jan-2004 |
phk |
Mostly mechanical rework of libalias:
Makes it possible to have multiple packet aliasing instances in a single process by moving all static and global variables into an instance structure called "struct libalias".
Redefine a new API based on s/PacketAlias/LibAlias/g
Add new "instance" argument to all functions in the new API.
Implement old API in terms of the new API.
|
#
120372 |
|
23-Sep-2003 |
marcus |
Add Cisco Skinny Station protocol support to libalias, natd, and ppp. Skinny is the protocol used by Cisco IP phones to talk to Cisco Call Managers. With this code, one can use a Cisco IP phone behind a FreeBSD NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported. More information on enabling Skinny support in libalias, natd, and ppp can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
|
#
116315 |
|
13-Jun-2003 |
ru |
In the PKT_ALIAS_PROXY_ONLY mode, make sure to preserve the original source IP address, as promised in the manual page.
Spotted by: Vaclav Petricek
|
#
100537 |
|
23-Jul-2002 |
ru |
Don't forget to recalculate the IP checksum of the original IP datagram embedded into ICMP error message.
Spotted by: tcpdump 3.7.1 (-vvv)
MFC after: 3 days
|
#
99207 |
|
01-Jul-2002 |
brian |
Remove trailing whitespace
|
#
88132 |
|
18-Dec-2001 |
ru |
Fixed the bug in transparent TCP proxying with the "encode_ip_hdr" option -- TcpAliasOut() did not catch the IP header length change.
Submitted by: Stepachev Andrey <aka50@mail.ru>
|
#
85964 |
|
03-Nov-2001 |
brian |
cmott@scientech.com -> cm@linktel.net
Requested by: Charles Mott <cmott@scientech.com>
|
#
84195 |
|
30-Sep-2001 |
dillon |
Add __FBSDID's to libalias
|
#
82069 |
|
21-Aug-2001 |
ru |
Added TFTP support.
Submitted by: Joe Clarke <marcus@marcuscom.com>
MFC after: 2 weeks
|
#
82001 |
|
20-Aug-2001 |
brian |
Make the copyright consistent.
Previously approved by: Charles Mott <cmott@scientech.com>
|
#
77701 |
|
04-Jun-2001 |
brian |
Add BSD-style copyright headers
Approved by: Charles Mott <cmott@scientech.com>
|
#
74778 |
|
25-Mar-2001 |
brian |
Make header files conform to style(9).
Reviewed by (*): bde
(*) alias_local.h only got a cursory glance.
|
#
67980 |
|
30-Oct-2000 |
ru |
Added boolean argument to link searching functions, indicating whether they should create a link if lookup has failed or not.
|
#
67966 |
|
30-Oct-2000 |
ru |
A significant rewrite of PPTP aliasing code.
PPTP links are no longer dropped by simple (and inappropriate in this case) "inactivity timeout" procedure, only when requested through the control connection.
It is now possible to have multiple PPTP servers running behind NAT. Just redirect the incoming TCP traffic to port 1723, everything else is done transparently.
Problems were reported and the fix was tested by: Michael Adler <Michael.Adler@compaq.com>, David Andersen <dga@lcs.mit.edu>
|
#
66545 |
|
02-Oct-2000 |
ru |
A bit of indentation reformatting.
|
#
65332 |
|
01-Sep-2000 |
ru |
Match IPPROTO_ICMP with IP protocol field of the original IP datagram embedded into ICMP error message, not with protocol field of ICMP message itself (which is always IPPROTO_ICMP).
Pointed by: Erik Salander <erik@whistle.com>
|
#
65317 |
|
01-Sep-2000 |
ru |
Changed the way we handle outgoing ICMP error messages -- do not alias `ip_src' unless it comes from the host an original datagram that triggered this error message was destined for.
PR: 20712
Reviewed by: brian, Charles Mott <cmott@scientech.com>
|
#
65280 |
|
31-Aug-2000 |
ru |
Create aliasing links for incoming ICMP echo/timestamp requests. This makes outgoing ICMP echo/timestamp replies to be de-aliased with the right source IP, not exactly the primary aliasing IP.
|
#
63899 |
|
26-Jul-2000 |
archie |
Add address translation support for RTSP/RTP used by RealPlayer and Quicktime streaming media applications.
Add a BUGS section to the man page.
Submitted by: Erik Salander <erik@whistle.com>
|
#
61861 |
|
20-Jun-2000 |
ru |
Added true support for PPTP aliasing. Some nice features include:
- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP port 1723 to a local machine. Multiple servers behind NAT is possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>
|
#
59726 |
|
28-Apr-2000 |
ru |
Replace PacketAliasRedirectPptp() (which had nothing specific to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that no one has started using PacketAliasRedirectPptp() yet.
|
#
59356 |
|
18-Apr-2000 |
ru |
Add support for multiple PPTP sessions:
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.
|
#
59047 |
|
05-Apr-2000 |
ru |
- Remove unused includes.
- Minor spelling fixes.
- Make IcmpAliasOut2() really work.
Before this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49562 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] A.A.A.A -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49562 > P.P.P.P.50000: udp 3
A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable
After this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49563 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] P.P.P.P -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49563 > P.P.P.P.50000: udp 3
P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable
|
#
51125 |
|
10-Sep-1999 |
ru |
- Optimization to the previous (rev 1.15) commit.
Requested by: eivind
Discussed with: eivind
Reviewed by: brian, eivind
|
#
51107 |
|
09-Sep-1999 |
ru |
Handle TCP reset sequence properly.
In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.
PR: 13639
Reviewed by: brian
|
#
50597 |
|
29-Aug-1999 |
billf |
Add $FreeBSD$ and spell Eklund properly.
Approved by: brian (well, he approved adding $Id$)
|
#
50194 |
|
22-Aug-1999 |
brian |
Allow ppp to work with Nortel Networks Extranet Switch product and Windows NT tunneling.
Submitted by: Chain Lee <chain@nortelnetworks.com>
|
#
48102 |
|
22-Jun-1999 |
brian |
Don't get caught in an infinite recursion when PKT_ALIAS_REVERSE is set. Document PKT_ALIAS_REVERSE.
Pointed out by: Jonathan Hanna <jh@cr1003333-a.crdva1.bc.home.com>
PR: 12304
|
#
44979 |
|
23-Mar-1999 |
billf |
Remove duplicate line.
Reviewed by: eivind
|
#
44307 |
|
27-Feb-1999 |
brian |
Version 3.0: January 1, 1999
- Transparent proxying support added.
- PPTP redirecting support added based on patches contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Submitted by: Charles Mott <cmott@srv.net>
|
#
41759 |
|
14-Dec-1998 |
dillon |
Reviewed by: freebsd-current
Add bounds checking to netbios NS packet resolving code. This should prevent natd from crashing on badly formed netbios packets (as might be heard when the machine is sitting on a cable modem or certain DSL networks), and also closes potential security holes that might have exploited the lack of bounds checking in the previous version of the code.
|
#
37131 |
|
24-Jun-1998 |
brian |
Add CUSEEME support. This has *not* been tested, nor could I find anyone to test it, so please report any problems to me.
|
#
36834 |
|
10-Jun-1998 |
brian |
Quieten gcc 2.8.1
|
#
36321 |
|
24-May-1998 |
amurai |
Primary version of NetBIOS over TCP/IP. Now you can connect Windows DOMAIN as DOMAIN user through NAT function. See also RFC1002 for further detail of SMB structure.
Submitted by: Atsushi Murai <amurai@spec.co.jp>
|
#
35314 |
|
19-Apr-1998 |
brian |
o Support a compile-time -DNO_FW_PUNCH for portability (and those of us that don't want the functionality).
o Don't assume sizeof(long) == 4.
Ok'd by: Charles Mott <cmott@srv.net>
|
#
32377 |
|
09-Jan-1998 |
eivind |
Teach libalias to work with IPFW firewalls (controlled by a flag).
Obtained from: Yes development tree (+ 10 lines of patches from Charles Mott, original libalias author)
|
#
29162 |
|
06-Sep-1997 |
brian |
Upgrade to 2.4 (Fix -PKT_ALIAS_UNREGISTERED_ONLY)
Submitted by: Charles Mott <cmott@srv.net>
Add __libalias_version so that ppp can derive the correct library name for dlopen()
|
#
27864 |
|
03-Aug-1997 |
brian |
Update to version 2.2. Only the PacketAlias*() functions should now be used. The old 2.1 stuff is there for backwards compatibility.
Submitted by: Charles Mott <cmott@snake.srv.net>
|
#
26026 |
|
23-May-1997 |
brian |
Create the alias library. This is currently only used by ppp (or will be shortly). Natd can now be updated to use this library rather than carrying its own version of the code.
Submitted by: Charles Mott <cmott@srv.net>
|