Commit Graph

28 Commits

Author SHA1 Message Date
Paolo Pisati
be4f3cd0d9 Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
Gleb Smirnoff
59dde15e82 Disable checksum processing in LibAlias, when it works as a
kernel module. LibAlias is not aware about checksum offloading,
so the caller should provide checksum calculation. (The only
current consumer is ng_nat(4)). When TCP packet internals has
been changed and it requires checksum recalculation, a cookie
is set in th_x2 field of TCP packet, to inform caller that it
needs to recalculate checksum. This ugly hack would be removed
when LibAlias is made more kernel friendly.

Incremental checksum updates are left as is, since they don't
conflict with offloading.

Approved by:	re (scottl)
2005-06-27 07:36:02 +00:00
Gleb Smirnoff
6293e003c9 s/DEBUG/LIBALIAS_DEBUG/, since DEBUG is defined in LINT and
not supported for kernel build.
2005-05-06 11:07:49 +00:00
Gleb Smirnoff
75bc262006 Always include alias.h before alias_local.h 2005-05-05 21:55:17 +00:00
Gleb Smirnoff
c649a2e033 Play with includes so that libalias can be compiled both as userland
library and kernel module.
2005-05-05 19:27:32 +00:00
Dag-Erling Smørgrav
9fa0fd2682 Introduce inline {ip,udp,tcp}_next() functions which take a pointer to an
{ip,udp,tcp} header and return a void * pointing to the payload (i.e. the
first byte past the end of the header and any required padding).  Use them
consistently throughout libalias to a) reduce code duplication, b) improve
code legibility, c) get rid of a bunch of alignment warnings.
2004-07-06 12:13:28 +00:00
Dag-Erling Smørgrav
ed01a58215 Make libalias WARNS?=6-clean. This mostly involves renaming variables
named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing
signed / unsigned comparisons, and shoving unused function arguments
under the carpet.

I was hoping WARNS?=6 might reveal more serious problems, and perhaps
the source of the -O2 breakage, but found no smoking gun.
2004-07-05 11:10:57 +00:00
Dag-Erling Smørgrav
ffcb611a9d Parenthesize return values. 2004-07-05 10:55:23 +00:00
Dag-Erling Smørgrav
f311ebb4ec Mechanical whitespace cleanup. 2004-07-05 10:53:28 +00:00
Dag-Erling Smørgrav
f0f93429cf Run through indent(1) so I can read the code without getting a headache.
The result isn't quite knf, but it's knfer than the original, and far
more consistent.
2004-03-16 21:30:41 +00:00
Poul-Henning Kamp
5e289f9eb6 Mostly mechanical rework of libalias:
Makes it possible to have multiple packet aliasing instances in a
single process by moving all static and global variables into an
instance structure called "struct libalias".

Redefine a new API based on s/PacketAlias/LibAlias/g

Add new "instance" argument to all functions in the new API.

Implement old API in terms of the new API.
2004-01-17 10:52:21 +00:00
Ruslan Ermilov
8573e68110 When servicing an internal FTP server, punch ipfirewall(4) holes
for passive mode data connections (PASV/EPSV -> 227/229).  Well,
the actual punching happens a bit later, when the aliasing link
becomes fully specified.

Prodded by:	Danny Carroll <dannycarroll@hotmail.com>
MFC after:	1 week
2001-11-27 10:50:23 +00:00
Brian Somers
e83aaae350 cmott@scientech.com -> cm@linktel.net
Requested by:	Charles Mott <cmott@scientech.com>
2001-11-03 11:34:09 +00:00
Matthew Dillon
e2505aa676 Add __FBSDID's to libalias 2001-09-30 21:03:33 +00:00
Ruslan Ermilov
c1dd00f75c Fixed the bug that prevented communication with FTP servers behind
NAT in extended passive mode if the server's public IP address was
different from the main NAT address.  This caused a wrong aliasing
link to be created that did not route the incoming packets back to
the original IP address of the server.

	natd -v -n pub0 -redirect_address localFTP publicFTP

Note that even if localFTP == publicFTP, one still needs to supply
the -redirect_address directive.  It is needed as a helper because
extended passive mode's 229 reply does not contain the IP address.

MFC after:	1 week
2001-09-21 14:38:36 +00:00
Brian Somers
f68e0a68d8 Make the copyright consistent.
Previously approved by:	Charles Mott <cmott@scientech.com>
2001-08-20 22:57:33 +00:00
Ruslan Ermilov
3277d1c498 Fixed the brain-o in rev. 1.10: the logic check was reversed.
Reported by:	Bernd Fuerwitt <bf@fuerwitt.de>
2001-06-27 14:11:25 +00:00
Brian Somers
f987e1bd0f Add BSD-style copyright headers
Approved by: Charles Mott <cmott@scientech.com>
2001-06-04 15:09:51 +00:00
Ruslan Ermilov
79ec1c507a Add an integer field to keep protocol-specific flags with links.
For FTP control connection, keep the CRLF end-of-line termination
status in there.

Fixed the bug when the first FTP command in a session was ignored.

PR:		24048
MFC after:	1 week
2001-05-30 14:24:35 +00:00
Ruslan Ermilov
642cd09fb3 Added boolean argument to link searching functions, indicating
whether they should create a link if lookup has failed or not.
2000-10-30 17:24:12 +00:00
Ruslan Ermilov
b766604065 - Improved passive mode FTP support by aliasing 229 replies.
- Stricter checking of PORT/EPRT/227/229 messages format.
- Moved all security checks into one place.
2000-06-16 20:36:16 +00:00
Ruslan Ermilov
7652512976 - Added support for passive mode FTP by aliasing 227 replies.
It does mean that it is now possible to run passive-mode FTP
  server behind NAT.

- SECURITY: FTP aliasing engine now ensures that:
  o the segment preceding a PORT/227 segment terminates with a \r\n;
  o the IP address in the PORT/227 matches the source IP address of
    the packet;
  o the port number in the PORT command or 277 reply is greater than
    or equal to 1024.

Submitted by:	Erik Salander <erik@whistle.com>
Reviewed by:	ru
2000-06-14 16:09:35 +00:00
Ruslan Ermilov
67b333b7e4 - Add support for FTP EPRT (RFC 2428) command.
- Minor optimizations.
- Minor spelling fixes.

PR:		14305
Submitted by:	ume
Rewritten by:	ru
2000-04-06 15:54:52 +00:00
Bill Fumerola
a5a388c7ab Add $FreeBSD$ and spell Eklund properly.
Approved by:	brian (well, he approved adding $Id$)
1999-08-29 23:17:04 +00:00
Brian Somers
4c32f5d217 Remove all diagnostics to stdout/stderr with #ifdef DEBUG
Statify functions in alias_nbt.c
1999-03-09 23:44:00 +00:00
Brian Somers
b5ce85fe32 Don't call PunchFWHole() ifdef NO_FW_PUNCH
Pointed out by: "Steve Sims" <SimsS@IBM.Net>
1998-06-06 21:52:37 +00:00
Eivind Eklund
8ddc51bc8b Teach libalias to work with IPFW firewalls (controlled by a flag).
Obtained from: Yes development tree (+ 10 lines of patches from
	Charles Mott, original libalias author)
1998-01-09 21:13:35 +00:00
Brian Somers
3b160b8b6e Create the alias library. This is currently only used by
ppp (or will be shortly).  Natd can now be updated to use
this library rather than carrying its own version of the code.

Submitted by:	Charles Mott <cmott@srv.net>
1997-05-23 04:41:31 +00:00