Commit Graph

121 Commits

Author SHA1 Message Date
sobomax
80e6f3156a Furthermore condition IP waiting behaviour also on -dynamic flag.
This should preserve POLA in all other cases (foreground || non-dynamic).

MFC after:	2 weeks
2011-04-18 23:45:50 +00:00
sobomax
b756d7087c Only wait for the IP to appear on the interface if natd is running in the
background.

Suggested by:   Garrett Cooper <yanegomi@gmail.com>

Use EAGAIN instead of magic value of -2 to report this condition from the
SetAliasAddressFromIfName routine.

MFC after:	2 weeks
2011-04-18 23:15:29 +00:00
sobomax
169935c85b If we can retrieve interface address sleep for one second and try again.
This can happen during start-up, when natd starts before dhclient has a
chance to receive IP address from the upstream provider.

MFC after:	2 weeks
2011-04-17 06:05:37 +00:00
ed
ebbfa5188a Raise WARNS for various tools where possible.
Submitted by:	Marius Nünnerich <marius@nuenneri.ch>
2010-01-17 21:56:27 +00:00
ed
28ce486337 Mute some (hidden) warnings about old-style function definitions.
Submitted by:	Marius Nünnerich <marius nuenneri ch>
2010-01-17 21:53:41 +00:00
antoine
bfd388c026 (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

PR:		137213
Submitted by:	Eygene Ryabinkin (initial version)
MFC after:	1 month
2009-12-28 22:56:30 +00:00
rik
4df9b50afc Check rule numbers against maximum value to avoid rules cleanup due
to overflow.

MFC after:	5 days.
2008-09-06 17:26:52 +00:00
mav
2ee7f37628 Add exit_delay parameter to control daemon exit delay after signal.
PR:		bin/58696
Submitted by:	sp@alkor.ru
2008-06-22 22:14:02 +00:00
mav
6aae4674ed Use strdup() instead of static buffer allocation to avoid 128 bytes limit
on -redirect_XXX arguments length.

PR:		bin/86647
Submitted by:	Stephen Hurd <shurd@sasktel.net>
2008-06-22 21:22:25 +00:00
brian
36fee0c28d Don't abend if we get ENOMEM from sysctl(3). The data returned
is sufficient

MFC after:	2 weeks
2008-06-06 08:59:55 +00:00
ru
cd3c6606b0 Improve rev. 1.63. Document -instance and -globalport options.
Add a MULTIPLE INSTANCES section which provides an example of
setting up natd in multi-instance mode (based on the notes.natd
file from phk@).

Submitted by:	"Andrey V. Elsukov" <bu7cher@yandex.ru>
Reviewed by:	ru
2008-02-04 15:27:09 +00:00
trhodes
c7b288f98d Note that the punch_fw option does not work in securelevel 3 and Xref init.8.
Bump .Dd.

PR:		41807
2008-01-21 23:09:18 +00:00
maxim
1eb231d8e9 o Markup and grammar fixes. 2007-12-14 14:34:26 +00:00
ceri
ebbb79756a Bump .Dd for r1.63; fix small nit from the same. 2007-12-10 12:03:23 +00:00
phk
4b233f446d Add a bit more detailed description about a configuration
file format and about using NAT "instances".

Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru>
2007-12-10 07:50:07 +00:00
piso
5582e56d9d Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
delphij
4497410a32 WARNS=6 and gcc4 cleanup:
- Use const where necessary
	- Use __unused where applicable
	- Rename variables that is conflicit with global definations
2005-05-02 10:13:38 +00:00
ru
d26afd541d Eliminate macro calls inside literal displays. 2005-01-15 12:28:01 +00:00
trhodes
26b9d00584 Remove unused variable. 2005-01-08 22:47:10 +00:00
phk
704b01603a Give natd multi-instance capabilities.
This makes it possible to do load-sharing on two xDSL lines etc.
2004-07-04 12:53:54 +00:00
hmp
b8388ce606 Use strlcpy(3) instead of strcpy(3).
PR:          	46761

Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
2004-05-10 22:33:12 +00:00
luigi
ce58934c26 Replace ROUNDUP/ADVANCE with SA_SIZE 2004-04-13 11:24:43 +00:00
johan
31854a224a style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
marcus
e19a1e64d2 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
ru
44bb8d5b2a - Clarify the port range syntax in -redirect_port.
PR:	docs/46286

- "IP number" -> "IP address", for consistency.
2003-08-13 15:13:33 +00:00
ru
4618cdf9bb Added an option to specify an alternate PID file.
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
2003-08-13 13:16:19 +00:00
ru
50a7b0b9b4 If the -proxy_only option is used, the -alias_address/-interface
options are not required.

Suggested by:	Vaclav Petricek
MFC after:	2 weeks
2003-06-13 22:15:42 +00:00
ru
bd0614a3d1 Don't pretend natd(8) doesn't work with ppp(8) interfaces.
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.

Noticed by:	bde
2003-02-28 15:41:45 +00:00
charnier
c142aa48bd Use a more standard error message. Add FBSDID.
Reviewed by:	ru
2003-02-05 20:08:39 +00:00
ru
b0520b835c Fixed Charles' e-mail here too. 2003-01-23 08:35:21 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
ru
dfc3706596 can not -> cannot. 2002-08-13 14:10:36 +00:00
ru
07e77e0463 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
charnier
a2accd01f0 The .Nm utility 2002-07-06 19:34:18 +00:00
archie
b4544af31a Update my email address. 2002-07-03 20:50:32 +00:00
ru
27cb1b2c9f I don't know what the MAINTAINER means in src/ part of FreeBSD.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.

I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
2002-04-12 19:11:09 +00:00
ru
40e62ac22c Back out part of the revision 1.2 changes -- sendto(2) can
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
2002-01-15 17:07:56 +00:00
ru
7f320fa871 s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
obrien
9baf2f1b03 Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
ru
e129a9f15e Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
ru
3c293c52fd Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
phk
10fe9ee3d2 Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
ru
4345758876 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
ru
7cef49ff86 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
joe
1f2cf25ced Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
joe
687340bf5d When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
86642a4ab4 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
ru
56b5d7535b Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
ru
8a6f8b5fe4 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00