| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Minor spelling fixes.
- Make IcmpAliasOut2() really work.
Before this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49562 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] A.A.A.A -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49562 > P.P.P.P.50000: udp 3
A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable
After this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49563 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] P.P.P.P -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49563 > P.P.P.P.50000: udp 3
P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable
|
| |
|
|
|
|
| |
Requested by: eivind
Discussed with: eivind
Reviewed by: brian, eivind
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.
PR: 13639
Reviewed by: brian
|
| |
|
|
| |
Approved by: brian (well, he approved adding $Id$)
|
| |
|
|
|
|
| |
product and Windows NT tunneling.
Submitted by: Chain Lee <chain@nortelnetworks.com>
|
| |
|
|
|
|
|
|
| |
is set.
Document PKT_ALIAS_REVERSE.
Pointed out by: Jonathan Hanna <jh@cr1003333-a.crdva1.bc.home.com>
PR: 12304
|
| |
|
|
| |
Reviewed by: eivind
|
| |
|
|
|
|
|
|
| |
- Transparent proxying support added.
- PPTP redirecting support added based on patches
contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Submitted by: Charles Mott <cmott@srv.net>
|
| |
|
|
|
|
|
|
|
| |
Add bounds checking to netbios NS packet resolving code. This should
prevent natd from crashing on badly formed netbios packets (as might be
heard when the machine is sitting on a cable modem or certain DSL
networks), and also closes potential security holes that might have
exploited the lack of bounds checking in the previous version of the
code.
|
| |
|
|
|
| |
could I find anyone to test it, so please report any
problems to me.
|
| | |
|
| |
|
|
|
|
|
| |
DOMAIN as DOMAIN user through NAT function. See also RFC1002 for
futher detail of SMB structure.
Submitted by: Atsushi Murai <amurai@spec.co.jp>
|
| |
|
|
|
|
| |
(and those of us that don't want the functionality).
o Don't assume sizeof(long) == 4.
Ok'd by: Charles Mott <cmott@srv.net>
|
| |
|
|
|
| |
Obtained from: Yes development tree (+ 10 lines of patches from
Charles Mott, original libalias author)
|
| |
|
|
|
|
|
| |
Submitted by: Charles Mott <cmott@srv.net>
Add __libalias_version so that ppp can derive the
correct library name for dlopen()
|
| |
|
|
|
|
| |
functions should now be used. The old 2.1 stuff is
there for backwards compatability.
Submitted by: Charles Mott <cmott@snake.srv.net>
|
|
|
ppp (or will be shortly). Natd can now be updated to use
this library rather than carrying its own version of the code.
Submitted by: Charles Mott <cmott@srv.net>
|
