Commit Graph

52 Commits

Author SHA1 Message Date
Alexander Motin
b6365f959c Use strdup() instead of static buffer allocation to avoid 128 bytes limit
on -redirect_XXX arguments length.

PR:		bin/86647
Submitted by:	Stephen Hurd <shurd@sasktel.net>
2008-06-22 21:22:25 +00:00
Brian Somers
ec95e4c235 Don't abend if we get ENOMEM from sysctl(3). The data returned
is sufficient

MFC after:	2 weeks
2008-06-06 08:59:55 +00:00
Paolo Pisati
be4f3cd0d9 Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
Xin LI
48ce8ca1aa WARNS=6 and gcc4 cleanup:
- Use const where necessary
	- Use __unused where applicable
	- Rename variables that is conflicit with global definations
2005-05-02 10:13:38 +00:00
Tom Rhodes
7cde7ca209 Remove unused variable. 2005-01-08 22:47:10 +00:00
Poul-Henning Kamp
22c624779b Give natd multi-instance capabilities.
This makes it possible to do load-sharing on two xDSL lines etc.
2004-07-04 12:53:54 +00:00
Hiten Pandya
e53f7998da Use strlcpy(3) instead of strcpy(3).
PR:          	46761

Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
2004-05-10 22:33:12 +00:00
Luigi Rizzo
0b46c08590 Replace ROUNDUP/ADVANCE with SA_SIZE 2004-04-13 11:24:43 +00:00
Joe Marcus Clarke
b07fbc17e9 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
Ruslan Ermilov
b79840a6db Added an option to specify an alternate PID file.
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
2003-08-13 13:16:19 +00:00
Ruslan Ermilov
3d23e8b897 If the -proxy_only option is used, the -alias_address/-interface
options are not required.

Suggested by:	Vaclav Petricek
MFC after:	2 weeks
2003-06-13 22:15:42 +00:00
Philippe Charnier
29e3edcc64 Use a more standard error message. Add FBSDID.
Reviewed by:	ru
2003-02-05 20:08:39 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Ruslan Ermilov
3daff2423f Back out part of the revision 1.2 changes -- sendto(2) can
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
2002-01-15 17:07:56 +00:00
Ruslan Ermilov
c0956cf876 Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
Ruslan Ermilov
3843533e18 Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
Poul-Henning Kamp
84ef95bd6e Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
Josef Karthauser
d782daf041 Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
Josef Karthauser
dc2ea2d874 When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
Kris Kennaway
04d06bb686 Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
Ruslan Ermilov
bc4ebb98dc Added new option (-punch_fw) which allows to `punch holes'
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
2000-06-27 15:26:24 +00:00
Ruslan Ermilov
dc1a022582 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
Ruslan Ermilov
b0f55af68f Remove unused parameter. 2000-06-16 09:41:57 +00:00
Ruslan Ermilov
11c2b3bf00 Add new option (-target_addr) to control how to deal with incoming packets
not associated with any pre-existing link.

Submitted by:	brian
2000-05-18 10:31:10 +00:00
Ruslan Ermilov
4330006d9e New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
Josef Karthauser
30395bb5f1 Fixes a potential buffer overflow with the command line arguments.
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
2000-04-30 20:53:54 +00:00
Ruslan Ermilov
bd69051080 Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
Ruslan Ermilov
d99cc1da8a Remove the config file line length restriction.
PR:		16900
Reviewed by:	"Crist J. Clark" <cjclark@home.com>, jkh
Approved by:	jkh
2000-02-25 11:34:38 +00:00
Ruslan Ermilov
6f3dbe5e1a Now that kernel is capable of notifying user processes about
the interface MTU change (src/sys/net/if_sl.c,v 1.83), track
interface MTU with -dynamic option as well.

PR:		15494
2000-01-25 12:24:06 +00:00
Ruslan Ermilov
4c04fa4c1a ioctl -> sysctl for interface address changes.
PR:		14169
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-10-13 09:00:16 +00:00
Ruslan Ermilov
f2da55a243 Do not defer setting of the aliasing address from
interface name if not operating in dynamic mode.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-28 08:01:46 +00:00
Ruslan Ermilov
2e7e7c71ef Config file parser changes:
- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-07 15:34:12 +00:00
Ruslan Ermilov
cd45c931f6 Allow signals to interrupt system calls.
Remove redundant signal() call.

PR:		6676
Submitted by:	luoqi
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-02 15:17:25 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Archie Cobbs
eed2b804bf When incrementing through a SIOCGIFCONF list, enforce a lower limit of
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.

Obtained from:  Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
                SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
1999-06-05 05:55:07 +00:00
Brian Somers
29d97436c5 Oops - missing parenthesis 1999-05-13 17:09:44 +00:00
Brian Somers
9c501140f7 /sbin/natd portrange documentation and bugfix
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
PR:		11690

3.2 candidate ?
1999-05-13 16:58:31 +00:00
Warner Losh
ebe70c8f68 More egcs warning fixes:
o main returns int not void
	o use braces to avoid potentially ambiguous else

Note: The fix to natd is potentially functional in nature since I used
the indentation as the right thing rather than the struct semantics.
Someone more familiar with the code should double check me on this one.

Reviewed by: obrien and chuckr
1999-04-25 22:33:30 +00:00
Brian Somers
f3d640240b Disable reads on our ICMP socket. We only use it for sending.
PR:	9253
1999-03-30 10:11:21 +00:00
Brian Somers
902cb50a76 Add some const-cleanliness and avoid some warnings. 1999-03-24 20:30:48 +00:00
Brian Somers
5d8ee958b3 Allow port ranges when specifying -redirect_port.
Submitted by:	Wes Santee <wes@bogon.net>
PR:		9696
1999-03-24 20:30:20 +00:00
Brian Somers
b71e869d29 Fix a diagnostic typo
Submitted by:  Martin Machacek <mm@i.cz>
1999-03-11 09:24:52 +00:00
Brian Somers
59a7c61374 Upgrade (almost) to natd 2.0b1
- Transparent proxy support.
  - PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead.
  - Drop support for early FreeBSD 2.2 versions
  - If separate input & output sockets are being used
    use them to find out packet direction instead of
    normal mechanism. This can be handy in complex environments
    with multiple interfaces.
  - PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added.
  - Logging enhancements from Martin Machacek <mm@i.cz> added.

Obtained from: Ari Suutari <ari@suutari.iki.fi>
1999-03-07 18:23:56 +00:00
Jordan K. Hubbard
f627793d19 Make this work with the new alias library since, evidently, we're
not providing the backwards-compatability routines in libalias anymore
(which I think may have been a mistake).
1999-02-27 22:37:38 +00:00
Alexander Langer
f13f9fada7 Typo/$Id$ police. 1997-12-27 19:31:11 +00:00
Brian Somers
67a886fb97 natd 1_10 => 1_11
Cosmetic style changes
  Use u_short for port values.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
1997-12-10 02:14:57 +00:00
Brian Somers
27c20503c6 Reverse my previous change and use htons() on an int
instead of htonl() !

This results in the int a,b,c,d changing to b,a,c,d,
but as it's subsequently coerced to a u_short, the
ultimate answer is correct.

If this isn't fixed properly soon (by the author) I'll
have a look at it again.

Noted by:	eivind & ari@suutari.iki.fi
1997-12-06 12:00:32 +00:00
Brian Somers
5ae6fac1d7 Use htonl() rather than htons(). 1997-11-13 11:43:02 +00:00
Philippe Charnier
0fc81af12d Use err(3). Change firewall to firewall_enable in man page according to
/etc/rc.conf.
1997-10-02 11:43:33 +00:00
Brian Somers
f9b06d5cbe Ingored incoming packets are now dropped when
deny_incoming option is set to yes.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
1997-09-06 11:14:03 +00:00