Commit Graph

190 Commits

Author SHA1 Message Date
marcus
42daf70603 Fix TFTP NAT support by making sure the appropriate fingerprinting checks
are done.

Reviewed by:	piso
2006-11-07 21:06:48 +00:00
ru
da24a0b645 Merge the rest of my changes. 2006-10-11 07:11:56 +00:00
piso
862e1ed026 Various mdoc and grammar fixes.
Approved by: glebius
Reviewed by: glebius, ru
2006-10-08 13:53:45 +00:00
piso
f925eb73aa Compilation. 2006-09-27 02:08:44 +00:00
piso
5582e56d9d Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
maxim
3463a7b118 o Kill BUGS section as it is not valid since rev. 1.4 alias_pptp.c.
Spotted by:	ru.unix.bsd activists
MFC after:	1 week
2006-07-04 20:39:38 +00:00
ru
7aa2a06ebf Fix prototype. 2005-11-24 14:17:35 +00:00
andre
c4178ac83e Use monotonic 'time_uptime' instead of 'time_second' as timebase
for timeouts.
2005-09-19 22:31:45 +00:00
phk
4df35786e2 Libalias incorrectly applies proxy rules to the global divert
socket: it should only look for existing translation entries,
not create new ones (no matter how it got the idea).

Approved by:	re(scottl)
2005-06-27 22:21:42 +00:00
glebius
c6e57e046e Disable checksum processing in LibAlias, when it works as a
kernel module. LibAlias is not aware about checksum offloading,
so the caller should provide checksum calculation. (The only
current consumer is ng_nat(4)). When TCP packet internals has
been changed and it requires checksum recalculation, a cookie
is set in th_x2 field of TCP packet, to inform caller that it
needs to recalculate checksum. This ugly hack would be removed
when LibAlias is made more kernel friendly.

Incremental checksum updates are left as is, since they don't
conflict with offloading.

Approved by:	re (scottl)
2005-06-27 07:36:02 +00:00
glebius
5b74333367 - Don't use legacy function in a non-legacy one. This gives us
possibility to compile libalias without legacy support.
- Use correct way to mark variable as unused.

Approved by:	re (dwhite)
2005-06-20 08:31:48 +00:00
glebius
62a51b2dbf Add a workaround for 64-bit archs: store unsigned long return value in
temporary variable, check it and then cast to in_addr_t.
2005-05-06 13:01:31 +00:00
glebius
3eab4ba5cc s/DEBUG/LIBALIAS_DEBUG/, since DEBUG is defined in LINT and
not supported for kernel build.
2005-05-06 11:07:49 +00:00
glebius
225ea2fb02 More bits for kernel version:
- copy inet_aton() from libc
- disable getservbyname() lookup and accept only numeric port
2005-05-05 22:00:32 +00:00
glebius
32b37f4983 Always include alias.h before alias_local.h 2005-05-05 21:55:17 +00:00
glebius
98fced80c8 When used in kernel define NO_FW_PUNCH, NO_LOGGING, NO_USE_SOCKETS. 2005-05-05 21:53:17 +00:00
glebius
fa23219cf2 Fix argument order for bcopy() in last commit.
Noticed by:	njl
Pointy hat to:	glebius
2005-05-05 21:40:49 +00:00
glebius
dfbc79ffbf Use bcopy() instead of memmove(). 2005-05-05 21:10:51 +00:00
glebius
e31c062e0b Hide fflush(3) under ifdef DEBUG. 2005-05-05 21:07:34 +00:00
glebius
d1dba4a851 Things required to build libalias as kernel module:
- kernel module declarations and handler.
- macros to map malloc(3) calls to malloc(9) ones.
- malloc(9) declarations.
- call finishoff() from module handler MOD_UNLOAD case
  instead of atexit(3).
- use panic(9) instead of abort(3)
- take time from time_second instead of gettimeofday(2)
- define INADDR_NONE
2005-05-05 21:05:38 +00:00
glebius
81aed9a0a8 Add NO_USE_SOCKETS knob, which cuts off functionality socket binding. 2005-05-05 20:25:12 +00:00
glebius
497e6391d0 Add NO_LOGGING knob, which cuts off functionality of debug logging to a file. 2005-05-05 20:22:09 +00:00
glebius
89e40708a1 Play with includes so that libalias can be compiled both as userland
library and kernel module.
2005-05-05 19:27:32 +00:00
glebius
a0f1ce3be1 Cleanup IPFW2 ifdefs. 2005-05-04 13:24:37 +00:00
glebius
6d827336e9 Makefile is not needed here. 2005-05-04 13:24:12 +00:00
phk
063486ce84 natd core dumps when -reverse switch is used because of a bug in
libalias.

In /usr/src/lib/libalias/alias.c, the functions LibAliasIn and
LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut instead
of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE option is set.
In this case, the context variable "la" gets lost because the legacy
compatibility routines expect "la" to be global.  This was obviously
an oversight when rewriting the PacketAlias* functions to the
LibAlias* functions.

The fix (as shown in the patch below) is to remove the legacy
subroutine calls and replace with the new ones using the "la" struct
as the first arg.

Submitted by:	Gil Kloepfer <fgil@kloepfer.org>
Confirmed by:	<nicolai@catpipe.net>
PR:		76839
MFC after:	3 days
2005-04-05 13:04:35 +00:00
marcus
49e020aaeb Fix a problem in the Skinny ALG where a specially crafted packet could cause
a libalias application (e.g.  natd, ppp, etc.) to crash.  Note: Skinny support
is not enabled in natd or ppp by default.

Approved by:	secteam (nectar)
MFC after:	1 day
Secuiryt:	This fixes a remote DoS exploit
2005-03-03 03:06:37 +00:00
ru
ed72feddcb Sort sections. 2005-01-20 09:17:07 +00:00
brian
4396a151dc include "alias.h", not <alias.h>
MFC after:	3 days
2005-01-10 10:54:06 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
phk
271672aa9c Fix outgoing ICMP on global instance. 2004-08-14 14:21:09 +00:00
marcus
c8262f39d1 Fix Skinny and PPTP NAT'ing after the introduction of the {ip,tcp,udp}_next
functions.  Basically, the ip_next() function was used to get the PPTP and
Skinny headers when tcp_next() should have been used instead.  Symptoms of
this included a segfault in natd when trying to process a PPTP or Skinny
packet.

Approved by:	des
2004-08-04 15:17:08 +00:00
des
9d07523073 Push WARNS back up to 6, but define NO_WERROR; I want the warts out in the
open where people can see them and hopefully fix them.
2004-07-06 12:15:24 +00:00
des
93180ebf2d Introduce inline {ip,udp,tcp}_next() functions which take a pointer to an
{ip,udp,tcp} header and return a void * pointing to the payload (i.e. the
first byte past the end of the header and any required padding).  Use them
consistently throughout libalias to a) reduce code duplication, b) improve
code legibility, c) get rid of a bunch of alignment warnings.
2004-07-06 12:13:28 +00:00
des
c05f2ebe92 Rewrite twowords() to access its argument through a char pointer and not
a short pointer.  The previous implementation seems to be in a gray zone
of the C standard, and GCC generates incorrect code for it at -O2 or
higher on some platforms.
2004-07-06 09:22:18 +00:00
des
4e760d4fc8 Temporarily lower WARNS to 3 while I figure out the alignment issues on
alpha.
2004-07-06 08:44:41 +00:00
des
75b8ca2286 Make libalias WARNS?=6-clean. This mostly involves renaming variables
named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing
signed / unsigned comparisons, and shoving unused function arguments
under the carpet.

I was hoping WARNS?=6 might reveal more serious problems, and perhaps
the source of the -O2 breakage, but found no smoking gun.
2004-07-05 11:10:57 +00:00
des
831b8f89db Parenthesize return values. 2004-07-05 10:55:23 +00:00
des
0518dc3818 Mechanical whitespace cleanup. 2004-07-05 10:53:28 +00:00
phk
112a83894d Add LibAliasOutTry() which checks a packet for a hit in the tables, but
does not create a new entry if none is found.
2004-07-04 12:53:07 +00:00
ru
01548ace15 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
ru
a0dce18ba8 Bumped document date.
Fixed markup.
Fixed examples to match the new API.
2004-07-01 17:51:48 +00:00
deischen
a883ccc958 Unbreak natd.
Reported and submitted by:	Sean McNeil (sean at mcneil.com)
2004-04-02 17:57:57 +00:00
des
38842c29ce Raise WARNS level to 2. 2004-03-31 21:33:55 +00:00
des
2209468b0e Deal with aliasing warnings.
Reviewed by:	ru
Approved by:	silence on the lists
2004-03-31 21:32:58 +00:00
des
3cb81148d8 Run through indent(1) so I can read the code without getting a headache.
The result isn't quite knf, but it's knfer than the original, and far
more consistent.
2004-03-16 21:30:41 +00:00
phk
7948e91c15 Mostly mechanical rework of libalias:
Makes it possible to have multiple packet aliasing instances in a
single process by moving all static and global variables into an
instance structure called "struct libalias".

Redefine a new API based on s/PacketAlias/LibAlias/g

Add new "instance" argument to all functions in the new API.

Implement old API in terms of the new API.
2004-01-17 10:52:21 +00:00
marcus
7035863aec Grrr...add the Skinny alias code forgotten in the last commit. 2003-09-23 07:42:33 +00:00
marcus
e19a1e64d2 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
ru
421fdf157c Fixed -Wpointer-arith warning.
Submitted by:	Stefan Farfeleder
PR:		bin/56653
2003-09-09 23:50:57 +00:00