Commit Graph

3577 Commits

Author SHA1 Message Date
Ruslan Ermilov
483d2f2296 Add support for multiple PPTP sessions:
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP

Please see manual page for details.
2000-04-18 10:18:21 +00:00
Kris Kennaway
14b42810e1 Document the libpam dependency on libopie
Reminded by:	bde
2000-04-18 06:13:06 +00:00
David E. O'Brien
c815a20cb2 Change our ELF binary branding to something more acceptable to the Binutils
maintainers.

After we established our branding method of writing up to 8 characters of
the OS name into the ELF header in the padding; the Binutils maintainers
and/or SCO (as USL) decided that instead the ELF header should grow two new
fields -- EI_OSABI and EI_ABIVERSION.  Each of these is an 8-bit unsigned
integer.  SCO has assigned official values for the EI_OSABI field.  In
addition to this, the Binutils maintainers and NetBSD decided that a better
ELF branding method was to include ABI information in a ".note" ELF
section.

With this set of changes, we will now create ELF binaries branded using
both "official" methods.  Due to the complexity of adding a section to a
binary, binaries branded with ``brandelf'' will only brand using the
EI_OSABI method.  Also due to the complexity of pulling a section out of an
ELF file vs. poking around in the ELF header, our image activator only
looks at the EI_OSABI header field.

Note that a new kernel can still properly load old binaries except for
Linux static binaries branded in our old method.

  *
  * For a short period of time, ``ld'' will also brand ELF binaries
  * using our old method.  This is so people can still use kernel.old
  * with a new world.  This support will be removed before 5.0-RELEASE,
  * and may not last anywhere up to the actual release.  My expiration
  * time for this is about 6mo.
  *
2000-04-18 02:39:26 +00:00
Kris Kennaway
acf3af98c9 Connect pam_opie to the build. 2000-04-17 00:19:30 +00:00
Kris Kennaway
01331fc70c Add pam_opie, a PAM module using the OPIE one-time-password scheme.
Submitted by:	Jim Bloom <bloom@acm.org>
2000-04-17 00:14:42 +00:00
Jonathan Lemon
d707aa564d Remove unneeded #include 2000-04-16 17:36:48 +00:00
Steve Price
4f9bc6c6b7 Don't try to compile in INET6 support when NOINET6 is defined. 2000-04-15 20:45:52 +00:00
Ruslan Ermilov
b5e819ec23 Apply TCP_EXPIRE_CONNECTED (86400 seconds) timeout only to established
connections, after SYN packets were seen from both ends.  Before this,
it would get applied right after the first SYN packet was seen (either
from client or server).  With broken TCP connection attempts, when the
remote end does not respond with SYNACK nor with RST, this resulted in
having a useless (ie, no actual TCP connection associated with it) TCP
link with 86400 seconds TTL, wasting system memory.  With high rate of
such broken connection attempts (for example, remote end simply blocks
these connection attempts with ipfw(8) without sending RST back), this
could result in a denial-of-service.

PR:		bin/17963
2000-04-14 15:34:55 +00:00
Ruslan Ermilov
a29006665c A complete reformatting of manual page. 2000-04-13 14:04:01 +00:00
Ruslan Ermilov
f167e54283 Make partially specified permanent links without `dst_addr'
but with `dst_port' work for outgoing packets.

This case was not handled properly when I first fixed this
in revision 1.17.

This change is also required for the upcoming improved PPTP
support patches -- that is how I found the problem.

Before this change:

# natd -v -a aliasIP \
  -redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT

Out [TCP]  [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to
           [TCP] aliasIP:localPORT -> remoteIP:remotePORT

After this change:

# natd -v -a aliasIP \
  -redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT

Out [TCP]  [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to
           [TCP] publicIP:publicPORT -> remoteIP:remotePORT
2000-04-12 18:44:50 +00:00
Andrey A. Chernov
70c1e1b6d9 Add comment after locales
Use .Li for type

Suggested-by: sheldonh
2000-04-12 18:38:30 +00:00
Jeroen Ruigrok van der Werven
1c7ac7e759 Fix typo, reported by George Cox.
Fix hard sentence breaks.

Submitted by:	George Cox <gjvc@sophos.com>
2000-04-12 13:38:26 +00:00
Sheldon Hearn
96e88366a2 Do proper byte swapping in 64bit routines.
PR:		17681
Submitted by:	"David E. Cross" <crossd@cs.rpi.edu>
Obtained from:	NetBSD
2000-04-12 08:41:16 +00:00
Andrey A. Chernov
199b1670eb Better wording according to multibyte(3)
Better man formatting
Add reference to multibyte(3)
2000-04-11 14:41:37 +00:00
Poul-Henning Kamp
aad4b9d1e8 Add a missing THREAD_UNLOCK() found missing by Valentin Nechayev
<netch@segfault.kiev.ua>

Remove allocation failure check from 'A' option, the 'X' option does
this as a standalone check now.
2000-04-10 09:24:44 +00:00
Archie Cobbs
2d6fdfda46 Document EWOULDBLOCK as a possible errno return value. 2000-04-09 19:10:57 +00:00
Paul Saab
b1875374d3 Break out sendudp and readudp from net.c. This is for PXE, so it
can use its own UDP interface.
2000-04-08 01:18:04 +00:00
Ruslan Ermilov
67b333b7e4 - Add support for FTP EPRT (RFC 2428) command.
- Minor optimizations.
- Minor spelling fixes.

PR:		14305
Submitted by:	ume
Rewritten by:	ru
2000-04-06 15:54:52 +00:00
Ruslan Ermilov
680c8244a9 - Remove unused includes.
- Minor spelling fixes.
- Make IcmpAliasOut2() really work.

Before this change:

# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes
In  [UDP]  [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to
           [UDP] X.X.X.X:49562 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
           [ICMP] A.A.A.A -> X.X.X.X 3(3)

# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49562 > P.P.P.P.50000: udp 3
A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable

After this change:

# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes
In  [UDP]  [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to
           [UDP] X.X.X.X:49563 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
           [ICMP] P.P.P.P -> X.X.X.X 3(3)

# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49563 > P.P.P.P.50000: udp 3
P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable
2000-04-05 14:27:34 +00:00
Ruslan Ermilov
79eef4b611 - Moved NULL definition into private include file.
- Minor spelling fixes.
2000-04-05 14:23:42 +00:00
Ruslan Ermilov
91cc2995af Minor spelling fixes. 2000-04-05 07:45:39 +00:00
Brian Somers
3e6ac25bd6 Correct Charles Mott's email address
Requested by: Charles Mott <cmott@scientech.com>
2000-04-02 20:16:45 +00:00
Yoshinobu Inoue
f018cfad89 Replace the prefix for yylval to less confusing one.
(Sorry, this should be committed with previous commit to Makefile.)
2000-04-02 05:08:07 +00:00
Yoshinobu Inoue
1f0118b915 Replace the prefix for yylval to less confusing one.
Suggested by: bruce
2000-04-01 22:28:36 +00:00
Brian Somers
5dd44916b7 Allow PacketAliasSetTarget() to be passed the following:
  INADDR_NONE:   Incoming packets go to the alias address (the default)
  INADDR_ANY:    Incoming packets are not NAT'd (direct access to the
                 internal network from outside)
  anything else: Incoming packets go to the specified address

Change a few inaddr::s_addr == 0 to inaddr::s_addr == INADDR_ANY
while I'm there.
2000-03-31 20:36:29 +00:00
Jacques Vidrine
91a594d823 Change the return value of kvm_read/kvm_write to be -1 on error, to
match the documented interface.

Previously it returned 0 on error.

PR:		bin/10511
2000-03-31 15:04:25 +00:00
Brian Somers
1c4e6d2544 When an incoming packet is received that is not specifically
redirected and when no target address has been specified, NAT
the destination address to the alias address rather than
allowing people direct access to your internal network from
outside.
2000-03-31 14:03:37 +00:00
KATO Takenori
7e9e421193 Changes for PC-98. 2000-03-29 15:10:28 +00:00
Kris Kennaway
e31adaffd9 Fix a memory leak.
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
Brian Feldman
fe69f87383 Actually, ${LIBY}/-ly aren't needed either. This should finish unbreaking
the world build.
2000-03-29 00:54:06 +00:00
Andrey A. Chernov
1c0a1964ab Back out valid argument domain change - sneak to this function by error.
Reword test condition better. Previous variant was true for negative
characters too.
2000-03-28 11:46:40 +00:00
Yoshinobu Inoue
4b89b76f24 Remove libl related dependencies, because it is not necessary, and even more,
it causes building world failure.

Specified by: Nickolay Dudorov <nnd@mail.nsk.ru>
2000-03-28 11:41:18 +00:00
Andrey A. Chernov
4c48fdaf53 Describe valid argument domain for 8-bit wide locales to prevent common error
calling ctype functions with signed char as an argument.
2000-03-28 11:36:31 +00:00
Bruce Evans
e915afdee4 Fixed missing libraries in DPADD.
Fixed some style bugs (some usual ones for DPADD and LDADD, and
misformatting of $FreeBSD$).
2000-03-27 15:24:45 +00:00
Bruce Evans
e39c55ae3e Fixed missing DPADD.
Fixed style bug for LDADD (don't use += for variables defined only once).
2000-03-27 15:16:06 +00:00
David E. O'Brien
d6f56cfc4f MFS: Add a "magic" comment to help fixincludes realize it doesn't need to
modify this file when building GCC 2.96 [by hand or via the port].

Submitted by:	Zack Weinberg <zack@wolery.cumb.org>
2000-03-27 02:04:45 +00:00
David E. O'Brien
b787589098 -Wall, which caught a real bug where buflen wasn't being set properly. 2000-03-27 00:33:45 +00:00
Jonathan Lemon
6134837824 Decrement the timeout being passed to poll() if poll was interrupted for
some reason.  This will prevent an infinite loop if (say) a sigalarm is
being scheduled at a more frequent interval than the poll timeout.

PR:	2191, 8847, 10553
2000-03-26 19:20:50 +00:00
Philippe Charnier
f25c63af03 Spelling, fprintf -> err, remove unneeded variable declaration 2000-03-26 15:18:12 +00:00
Philippe Charnier
c0154e9a31 lowercase error message 2000-03-26 15:14:16 +00:00
Mike Pritchard
292bf7190f Fix some spelling errors. 2000-03-24 00:58:49 +00:00
Hajimu UMEMOTO
9ed4e87cad Return IPv4 native address for IPv4 mapped IPv6 address, even if
A RR is not found.

Reviewed by:	shin
2000-03-23 17:25:00 +00:00
Bruce Evans
84ee83efc7 Fixed missing #include of <sys/types.h> in synopsis.
Fixed spelling error in prototype for inet_option_space().
Fixed syntax error in prototype for inet6_option_alloc().
2000-03-23 16:29:05 +00:00
Bruce Evans
1025a2007f Fixed missing #include of <sys/types.h> in synopsis. 2000-03-23 16:20:20 +00:00
Bruce Evans
e92393ba2b Fixed wrong arg type in synopsis. 2000-03-23 15:28:30 +00:00
Jason Evans
070dac0827 Add a man page for aio_waitcomplete(). Update the aio_cancel() man page to
reflect the fact that aio_cancel() works now.

Submitted by:	Christopher Sedore <cmsedore@maxwell.syr.edu>
2000-03-21 10:25:22 +00:00
Brian Somers
9da582e318 Make _FindLinkIn() static and only define GetDestPort when
NO_FW_PUNCH isn't defined.
2000-03-19 09:11:05 +00:00
Jason Evans
7e5e179982 Explicitly include sys/cdefs.h to get the definition of __strong_reference(),
rather than getting lucky due to header dependencies.
2000-03-18 22:36:46 +00:00
Brian S. Dean
a9f9141ca5 Back out that last commit, it may be insecure (pointed out by Warner
Losh).
2000-03-16 23:53:41 +00:00
Brian S. Dean
9c8e9b4a14 Slight adjustment to __ivaliduser() - don't ignore the last line in
the .rhosts file just because there is no ending linefeed.
2000-03-16 22:58:34 +00:00