#
95ee2897 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
d261e57d |
|
28-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Switch to efficient data structure for incoming traffic Current data structure is using a hash of unordered lists. Those unordered lists are quite efficient, because the least recently inserted entries are most likely to be used again. In order to avoid long search times in other cases, the lists are hashed into many buckets. Unfortunately a search for a miss needs an exhaustive inspection and a careful definition of the hash. Splay trees offer a similar feature: Almost O(1) for access of the least recently used entries, and amortized O(ln(n)) for almost all other cases. Get rid of the hash. Now the data structure should be able to quickly react to external packets without eating CPU cycles for breakfast, preventing a DoS. PR: 192888 Discussed with: Dimitry Luhtionov MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30536
|
#
935fc93a |
|
27-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Switch to efficient data structure for outgoing traffic Current data structure is using a hash of unordered lists. Those unordered lists are quite efficient, because the least recently inserted entries are most likely to be used again. In order to avoid long search times in other cases, the lists are hashed into many buckets. Unfortunately a search for a miss needs an exhaustive inspection and a careful definition of the hash. Splay trees offer a similar feature - almost O(1) for access of the least recently used entries, and amortized O(ln(n)) for almost all other cases. Get rid of the hash. Discussed with: Dimitry Luhtionov MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30516
|
#
fe83900f |
|
01-Jun-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Restructure - Remove temporary state deleteAllLinks from global struct The entry deleteAllLinks in the struct libalias is only used to signal a state between internal calls. It's not used between API calls. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30604
|
#
1178dda5 |
|
27-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Restructure - Table for PPTP Let PPTP use its own data structure. Regroup and rename other lists, which are not PPTP. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30580
|
#
492d3b71 |
|
26-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Restructure - Group incoming links Reorder incoming links by grouping of common search terms. Significant performance improvement for incoming (missing) flows. Remove LSNAT from outgoing search. Slight speedup due to less comparisons in the loop. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30574
|
#
cac129e6 |
|
25-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Restructure - Table for partially links Separate the partially specified links into a separate data structure. This would cause a major performance impact, if there are many of them. Use a (smaller) hash table to speed up the partially link access. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30570
|
#
ef828d39 |
|
25-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Promote per instance global variable timeStamp Summary: - Use LibAliasTime as a real global variable for central timekeeping. - Reduce number of syscalls in user space considerably. - Dynamically adjust the packet counters to match the second resolution. - Only check the first few packets after a time increase for expiry. Discussed with: hselasky MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30566
|
#
3fd20a79 |
|
31-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Stats are unsigned Stats counters are used as unsigned values (i.e. printf("%u")) but are defined as signed int. This causes trouble later, so fix it early. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30587
|
#
294799c6 |
|
15-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: tidy up housekeeping Replace current expensive, but sparsely called housekeeping by a single, repetitive action. This is part of a larger restructure of libalias in order to switch to more efficient data structures. The whole restructure process is split into 15 reviews to ease reviewing. All those steps will be squashed into a single commit for MFC in order to hide the intermediate states from production systems. Reviewed by: hselasky MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30277
|
#
bfd41ba1 |
|
15-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Remove unused function LibAliasCheckNewLink The functionality to detect a newly created link after processing a single packet is decoupled from the packet processing. Every new packet is processed asynchronously and will reset the indicator, hence the function is unusable. I made a Google search for third party code, which uses the function, and failed to find one. That's why the function should be removed: It is unusable and unused. A much simplified API/ABI will remain in anything below 14. Discussed with: kp Reviewed by: manpages (bcr) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30275
|
#
189f8eea |
|
13-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: replace placeholder with static constant The field nullAddress in struct libalias is never set and never used. It exists as a placeholder for an unused argument only. Reviewed by: hselasky MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D30253
|
#
effc8e57 |
|
14-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
libalias: Style cleanup libalias is a convolut of various coding styles modified by a series of different editors enforcing interesting conventions on spacing and comments. This patch is a baseline to start with a performance rework of libalias. Upcoming patches should focus on the code, not on the style. That's why most annoying style errors should be fixed beforehand. Reviewed by: hselasky Discussed by: emaste MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D30259
|
#
a08cdb6c |
|
02-Feb-2021 |
Neel Chauhan <nc@FreeBSD.org> |
Allow setting alias port ranges in libalias and ipfw. This will allow a system to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user, subnet) can have their own dedicated port aliasing ranges. Reviewed by: donner, kp Approved by: 0mp (mentor), donner, kp Differential Revision: https://reviews.freebsd.org/D23450
|
#
bc596e56 |
|
19-Jan-2021 |
Alex Richardson <arichardson@FreeBSD.org> |
libalias: Fix -Wcast-align compiler warnings This fixes -Wcast-align warnings caused by the underaligned `struct ip`. This also silences them in the public functions by changing the function signature from char * to void *. This is source and binary compatible and avoids the -Wcast-align warning. Reviewed By: ae, gbe (manpages) Differential Revision: https://reviews.freebsd.org/D27882
|
#
662c1305 |
|
01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
#
fe267a55 |
|
27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: general adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts. No functional change intended.
|
#
8144690a |
|
16-Feb-2017 |
Eric van Gyzen <vangyzen@FreeBSD.org> |
Use inet_ntoa_r() instead of inet_ntoa() throughout the kernel inet_ntoa() cannot be used safely in a multithreaded environment because it uses a static local buffer. Instead, use inet_ntoa_r() with a buffer on the caller's stack. Suggested by: glebius, emaste Reviewed by: gnn MFC after: 2 weeks Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D9625
|
#
a4641f4e |
|
03-May-2016 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys/net*: minor spelling fixes. No functional change.
|
#
05116753 |
|
22-Jun-2011 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Export AddLink() function from libalias. It can be used when custom alias address needs to be specified. Add inbound handler to the alias_ftp module. It helps handle active FTP transfer mode for the case with external clients and FTP server behind NAT. Fix passive FTP transfer case for server behind NAT using redirect with external IP address different from NAT ip address. PR: kern/157957 Submitted by: Alexander V. Chernikov
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
37ce2656 |
|
07-Feb-2009 |
Paolo Pisati <piso@FreeBSD.org> |
Add SCTP NAT support. Submitted by: CAIA (http://caia.swin.edu.au)
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
ef30318e |
|
01-Jun-2008 |
Alexander Motin <mav@FreeBSD.org> |
Increase LINK_TABLE_OUT_SIZE from 101 to 4001 like LINK_TABLE_IN_SIZE to reduce performance degradation under heavy outgoing scan/flood. Scalability is now much more important than several kilobytes of RAM. Remove unneeded TCP-specific expiration handling. Before this connected TCP sessions could never expire. Now connected TCP sessions will expire after 24 hours of inactivity. Simplify HouseKeeping() to avoid several mul/div-s per packet. Taking into account increased LINK_TABLE_OUT_SIZE, precision is still much more than required.
|
#
4741f3a1 |
|
06-Mar-2008 |
Paolo Pisati <piso@FreeBSD.org> |
MFP4: restrict the utilization of direct pointers to the content of ip packet. These modifications are functionally nop()s thus can be merged with no side effects.
|
#
ccd57eea |
|
14-Dec-2006 |
Paolo Pisati <piso@FreeBSD.org> |
o made in kernel libalias mpsafe o fixed a comment o made in kernel libalias a bit less verbose (disabled automatic logging every time a new link is added or deleted) Approved by: glebius (mentor)
|
#
be4f3cd0 |
|
26-Sep-2006 |
Paolo Pisati <piso@FreeBSD.org> |
Summer of Code 2005: improve libalias - part 1 of 2 With the first part of my previous Summer of Code work, we get: -made libalias modular: -support for 'particular' protocols (like ftp/irc/etcetc) is no more hardcoded inside libalias, but it's available through external modules loadable at runtime -modules are available both in kernel (/boot/kernel/alias_*.ko) and user land (/lib/libalias_*) -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp, skinny and smedia -added logging support for kernel side -cleanup After a buildworld, do a 'mergemaster -i' to install the file libalias.conf in /etc or manually copy it. During startup (and after every HUP signal) user land applications running the new libalias will try to read a file in /etc called libalias.conf: that file contains the list of modules to load. User land applications affected by this commit are ppp and natd: if libalias.conf is present in /etc you won't notice any difference. The only kernel land bit affected by this commit is ng_nat: if you are using ng_nat, and it doesn't correctly handle ftp/irc/etcetc sessions anymore, remember to kldload the correspondent module (i.e. kldload alias_ftp). General information and details about the inner working are available in the libalias man page under the section 'MODULAR ARCHITECTURE (AND ipfw(4) SUPPORT)'. NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat support will be part of the next libalias-related commit. Approved by: glebius Reviewed by: glebius, ru
|
#
59dde15e |
|
27-Jun-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Disable checksum processing in LibAlias, when it works as a kernel module. LibAlias is not aware of checksum offloading, so the caller should provide checksum calculation. (The only current consumer is ng_nat(4)). When TCP packet internals have been changed and it requires checksum recalculation, a cookie is set in th_x2 field of TCP packet, to inform caller that it needs to recalculate checksum. This ugly hack would be removed when LibAlias is made more kernel friendly. Incremental checksum updates are left as is, since they don't conflict with offloading. Approved by: re (scottl)
|
#
c8564bff |
|
05-May-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Things required to build libalias as kernel module: - kernel module declarations and handler. - macros to map malloc(3) calls to malloc(9) ones. - malloc(9) declarations. - call finishoff() from module handler MOD_UNLOAD case instead of atexit(3). - use panic(9) instead of abort(3) - take time from time_second instead of gettimeofday(2) - define INADDR_NONE
|
#
40106c14 |
|
05-May-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Add NO_LOGGING knob, which cuts off functionality of debug logging to a file.
|
#
9fa0fd26 |
|
05-Jul-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce inline {ip,udp,tcp}_next() functions which take a pointer to an {ip,udp,tcp} header and return a void * pointing to the payload (i.e. the first byte past the end of the header and any required padding). Use them consistently throughout libalias to a) reduce code duplication, b) improve code legibility, c) get rid of a bunch of alignment warnings.
|
#
ed01a582 |
|
05-Jul-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libalias WARNS?=6-clean. This mostly involves renaming variables named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing signed / unsigned comparisons, and shoving unused function arguments under the carpet. I was hoping WARNS?=6 might reveal more serious problems, and perhaps the source of the -O2 breakage, but found no smoking gun.
|
#
2871c501 |
|
31-Mar-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Deal with aliasing warnings. Reviewed by: ru Approved by: silence on the lists
|
#
f0f93429 |
|
16-Mar-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Run through indent(1) so I can read the code without getting a headache. The result isn't quite knf, but it's knfer than the original, and far more consistent.
|
#
5e289f9e |
|
17-Jan-2004 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Mostly mechanical rework of libalias: Makes it possible to have multiple packet aliasing instances in a single process by moving all static and global variables into an instance structure called "struct libalias". Redefine a new API based on s/PacketAlias/LibAlias/g Add new "instance" argument to all functions in the new API. Implement old API in terms of the new API.
|
#
b07fbc17 |
|
23-Sep-2003 |
Joe Marcus Clarke <marcus@FreeBSD.org> |
Add Cisco Skinny Station protocol support to libalias, natd, and ppp. Skinny is the protocol used by Cisco IP phones to talk to Cisco Call Managers. With this code, one can use a Cisco IP phone behind a FreeBSD NAT gateway. Currently, having the Call Manager behind the NAT gateway is not supported. More information on enabling Skinny support in libalias, natd, and ppp can be found in those applications' manpages. PR: 55843 Reviewed by: ru Approved by: ru MFC after: 30 days
|
#
27cc91fb |
|
01-Jul-2002 |
Brian Somers <brian@FreeBSD.org> |
Remove trailing whitespace
|
#
e83aaae3 |
|
03-Nov-2001 |
Brian Somers <brian@FreeBSD.org> |
cmott@scientech.com -> cm@linktel.net Requested by: Charles Mott <cmott@scientech.com>
|
#
f987e1bd |
|
04-Jun-2001 |
Brian Somers <brian@FreeBSD.org> |
Add BSD-style copyright headers Approved by: Charles Mott <cmott@scientech.com>
|
#
79ec1c50 |
|
30-May-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add an integer field to keep protocol-specific flags with links. For FTP control connection, keep the CRLF end-of-line termination status in there. Fixed the bug when the first FTP command in a session was ignored. PR: 24048 MFC after: 1 week
|
#
71593f95 |
|
24-Mar-2001 |
Brian Somers <brian@FreeBSD.org> |
Make header files conform to style(9). Reviewed by (*): bde (*) alias_local.h only got a cursory glance.
|
#
642cd09f |
|
30-Oct-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Added boolean argument to link searching functions, indicating whether they should create a link if lookup has failed or not.
|
#
03453c5e |
|
29-Oct-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
A significant rewrite of PPTP aliasing code. PPTP links are no longer dropped by simple (and inappropriate in this case) "inactivity timeout" procedure, only when requested through the control connection. It is now possible to have multiple PPTP servers running behind NAT. Just redirect the incoming TCP traffic to port 1723, everything else is done transparently. Problems were reported and the fix was tested by: Michael Adler <Michael.Adler@compaq.com>, David Andersen <dga@lcs.mit.edu>
|
#
642e43b3 |
|
26-Jul-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Add address translation support for RTSP/RTP used by RealPlayer and Quicktime streaming media applications. Add a BUGS section to the man page. Submitted by: Erik Salander <erik@whistle.com>
|
#
55a39fc5 |
|
20-Jun-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Added true support for PPTP aliasing. Some nice features include: - Multiple PPTP clients behind NAT to the same or different servers. - Single PPTP server behind NAT -- you just need to redirect TCP port 1723 to a local machine. Multiple servers behind NAT is possible but would require a simple API change. - No API changes! For more information on how this works see comments at the start of the alias_pptp.c. PacketAliasPptp() is no longer necessary and will be removed soon. Submitted by: Erik Salander <erik@whistle.com> Reviewed by: ru Rewritten by: ru Reviewed by: Erik Salander <erik@whistle.com>
|
#
76525129 |
|
14-Jun-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Added support for passive mode FTP by aliasing 227 replies. It does mean that it is now possible to run passive-mode FTP server behind NAT. - SECURITY: FTP aliasing engine now ensures that: o the segment preceding a PORT/227 segment terminates with a \r\n; o the IP address in the PORT/227 matches the source IP address of the packet; o the port number in the PORT command or 277 reply is greater than or equal to 1024. Submitted by: Erik Salander <erik@whistle.com> Reviewed by: ru
|
#
80607605 |
|
28-Apr-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Replace PacketAliasRedirectPptp() (which had nothing specific to PPTP) with more generic PacketAliasRedirectProto(). Major number is not bumped because it is believed that no one has started using PacketAliasRedirectPptp() yet.
|
#
483d2f22 |
|
18-Apr-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add support for multiple PPTP sessions: - new API function: PacketAliasRedirectPptp() - new mode bit: PKT_ALIAS_DENY_PPTP Please see manual page for details.
|
#
79eef4b6 |
|
05-Apr-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Moved NULL definition into private include file. - Minor spelling fixes.
|
#
a5a388c7 |
|
29-Aug-1999 |
Bill Fumerola <billf@FreeBSD.org> |
Add $FreeBSD$ and spell Eklund properly. Approved by: brian (well, he approved adding $Id$)
|
#
942759e7 |
|
24-Mar-1999 |
Brian Somers <brian@FreeBSD.org> |
Add a ``const'' and remove some inconsistent prototype args.
|
#
7d96f4ef |
|
26-Feb-1999 |
Brian Somers <brian@FreeBSD.org> |
Version 3.0: January 1, 1999 - Transparent proxying support added. - PPTP redirecting support added based on patches contributed by Dru Nelson <dnelson@redwoodsoft.com>. Submitted by: Charles Mott <cmott@srv.net>
|
#
374fad8b |
|
13-Dec-1998 |
Matthew Dillon <dillon@FreeBSD.org> |
Reviewed by: freebsd-current Add bounds checking to netbios NS packet resolving code. This should prevent natd from crashing on badly formed netbios packets (as might be heard when the machine is sitting on a cable modem or certain DSL networks), and also closes potential security holes that might have exploited the lack of bounds checking in the previous version of the code.
|
#
0579bd71 |
|
24-Jun-1998 |
Brian Somers <brian@FreeBSD.org> |
Add CUSEEME support. This has *not* been tested, nor could I find anyone to test it, so please report any problems to me.
|
#
b5ce85fe |
|
06-Jun-1998 |
Brian Somers <brian@FreeBSD.org> |
Don't call PunchFWHole() ifdef NO_FW_PUNCH Pointed out by: "Steve Sims" <SimsS@IBM.Net>
|
#
fb9cd36d |
|
23-May-1998 |
Atsushi Murai <amurai@FreeBSD.org> |
Primary version of NetBIOS over TCP/IP. Now you can connect Windows DOMAIN as DOMAIN user through NAT function. See also RFC1002 for further detail of SMB structure. Submitted by: Atsushi Murai <amurai@spec.co.jp>
|
#
8ddc51bc |
|
09-Jan-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Teach libalias to work with IPFW firewalls (controlled by a flag). Obtained from: Yes development tree (+ 10 lines of patches from Charles Mott, original libalias author)
|
#
3efa11bb |
|
03-Aug-1997 |
Brian Somers <brian@FreeBSD.org> |
Update to version 2.2. Only the PacketAlias*() functions should now be used. The old 2.1 stuff is there for backwards compatibility. Submitted by: Charles Mott <cmott@snake.srv.net>
|
#
3b160b8b |
|
22-May-1997 |
Brian Somers <brian@FreeBSD.org> |
Create the alias library. This is currently only used by ppp (or will be shortly). Natd can now be updated to use this library rather than carrying its own version of the code. Submitted by: Charles Mott <cmott@srv.net>
|