Commit Graph

115 Commits

Author SHA1 Message Date
Roman Kurakin
d53fe7108b Check rule numbers against maximum value to avoid rules cleanup due
to overflow.

MFC after:	5 days.
2008-09-06 17:26:52 +00:00
Alexander Motin
72cbe4adf3 Add exit_delay parameter to control daemon exit delay after signal.
PR:		bin/58696
Submitted by:	sp@alkor.ru
2008-06-22 22:14:02 +00:00
Alexander Motin
b6365f959c Use strdup() instead of static buffer allocation to avoid 128 bytes limit
on -redirect_XXX arguments length.

PR:		bin/86647
Submitted by:	Stephen Hurd <shurd@sasktel.net>
2008-06-22 21:22:25 +00:00
Brian Somers
ec95e4c235 Don't abend if we get ENOMEM from sysctl(3). The data returned
is sufficient

MFC after:	2 weeks
2008-06-06 08:59:55 +00:00
Ruslan Ermilov
98439aaf04 Improve rev. 1.63. Document -instance and -globalport options.
Add a MULTIPLE INSTANCES section which provides an example of
setting up natd in multi-instance mode (based on the notes.natd
file from phk@).

Submitted by:	"Andrey V. Elsukov" <bu7cher@yandex.ru>
Reviewed by:	ru
2008-02-04 15:27:09 +00:00
Tom Rhodes
e30ba4753a Note that the punch_fw option does not work in securelevel 3 and Xref init.8.
Bump .Dd.

PR:		41807
2008-01-21 23:09:18 +00:00
Maxim Konovalov
057c654813 o Markup and grammar fixes. 2007-12-14 14:34:26 +00:00
Ceri Davies
a1bad2e6dc Bump .Dd for r1.63; fix small nit from the same. 2007-12-10 12:03:23 +00:00
Poul-Henning Kamp
c80d9b5937 Add a bit more detailed description about a configuration
file format and about using NAT "instances".

Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru>
2007-12-10 07:50:07 +00:00
Paolo Pisati
be4f3cd0d9 Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
Xin LI
48ce8ca1aa WARNS=6 and gcc4 cleanup:
- Use const where necessary
	- Use __unused where applicable
	- Rename variables that is conflicit with global definations
2005-05-02 10:13:38 +00:00
Ruslan Ermilov
6a5796e734 Eliminate macro calls inside literal displays. 2005-01-15 12:28:01 +00:00
Tom Rhodes
7cde7ca209 Remove unused variable. 2005-01-08 22:47:10 +00:00
Poul-Henning Kamp
22c624779b Give natd multi-instance capabilities.
This makes it possible to do load-sharing on two xDSL lines etc.
2004-07-04 12:53:54 +00:00
Hiten Pandya
e53f7998da Use strlcpy(3) instead of strcpy(3).
PR:          	46761

Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
2004-05-10 22:33:12 +00:00
Luigi Rizzo
0b46c08590 Replace ROUNDUP/ADVANCE with SA_SIZE 2004-04-13 11:24:43 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Joe Marcus Clarke
b07fbc17e9 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
Ruslan Ermilov
5105f9919f - Clarify the port range syntax in -redirect_port.
PR:	docs/46286

- "IP number" -> "IP address", for consistency.
2003-08-13 15:13:33 +00:00
Ruslan Ermilov
b79840a6db Added an option to specify an alternate PID file.
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
2003-08-13 13:16:19 +00:00
Ruslan Ermilov
3d23e8b897 If the -proxy_only option is used, the -alias_address/-interface
options are not required.

Suggested by:	Vaclav Petricek
MFC after:	2 weeks
2003-06-13 22:15:42 +00:00
Ruslan Ermilov
01ba618f4a Don't pretend natd(8) doesn't work with ppp(8) interfaces.
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.

Noticed by:	bde
2003-02-28 15:41:45 +00:00
Philippe Charnier
29e3edcc64 Use a more standard error message. Add FBSDID.
Reviewed by:	ru
2003-02-05 20:08:39 +00:00
Ruslan Ermilov
496f81e0bb Fixed Charles' e-mail here too. 2003-01-23 08:35:21 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Ruslan Ermilov
e091d0c2ac can not -> cannot. 2002-08-13 14:10:36 +00:00
Ruslan Ermilov
aa7998d4a1 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Archie Cobbs
0099af422c Update my email address. 2002-07-03 20:50:32 +00:00
Ruslan Ermilov
99150dfb78 I don't know what the MAINTAINER means in src/ part of FreeBSD.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.

I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
2002-04-12 19:11:09 +00:00
Ruslan Ermilov
3daff2423f Back out part of the revision 1.2 changes -- sendto(2) can
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
2002-01-15 17:07:56 +00:00
Ruslan Ermilov
e21a315ec5 s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
David E. O'Brien
2d68bf45bf Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
Ruslan Ermilov
c0956cf876 Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
Ruslan Ermilov
3843533e18 Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
Poul-Henning Kamp
84ef95bd6e Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Josef Karthauser
d782daf041 Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
Josef Karthauser
dc2ea2d874 When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
Ruslan Ermilov
eb0838029f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
Ruslan Ermilov
0a5779d45b - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
Ruslan Ermilov
fe655281c5 Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
Ruslan Ermilov
d2a46bc99d Describe -deny_incoming better, highlight some keywords,
add myself to the AUTHORS section.
2000-11-16 12:20:54 +00:00
Ben Smithurst
32e5e4cfc3 more removal of trailing periods from SEE ALSO. 2000-11-15 16:44:24 +00:00
Ruslan Ermilov
ecd1fe62de Suggest looking at rc.conf(5) on how to start natd(8) during boot.
Submitted by:	dcs
2000-07-17 10:06:54 +00:00
Kris Kennaway
04d06bb686 Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
Ruslan Ermilov
f685a909b5 "Ease understanding" of how -punch_fw works.
Reviewed by:	sheldonh
2000-06-29 09:52:14 +00:00