| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
the toplevel directory.
This does not change any WARNS level and survives a make universe.
Approved by: ed (co-mentor)
|
| |
|
|
|
|
|
|
| |
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib
Approved by: re (rwatson)
|
| |
|
|
|
| |
and FragmentOut.
-Axe the old PacketAlias API: it has been deprecated since 5.x.
|
| |
|
|
|
|
| |
Reported by: jhb
Discussed with: deischen, des, doubg, harti
Approved by: re (kensmith)
|
| |
|
|
|
|
|
| |
renaming /lib/libalias_*.so.4 to /lib/libalias_*.so.
Approved by: glebius
Reviewed by: glebius, ru
|
| |
|
|
|
|
|
| |
- Added ${.CURDIR} to .include "...".
- Whitespace fixes.
OK'ed by: piso
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
|
| |
|
|
|
|
|
| |
been bumped since RELENG_5.
Reviewed by: ru
Approved by: re (not needed for commit check but in principle...)
|
| |
|
|
|
| |
Reviewed by: ru
Repocopy by: peter
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libalias.
In /usr/src/lib/libalias/alias.c, the functions LibAliasIn and
LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut instead
of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE option is set.
In this case, the context variable "la" gets lost because the legacy
compatibility routines expect "la" to be global. This was obviously
an oversight when rewriting the PacketAlias* functions to the
LibAlias* functions.
The fix (as shown in the patch below) is to remove the legacy
subroutine calls and replace with the new ones using the "la" struct
as the first arg.
Submitted by: Gil Kloepfer <fgil@kloepfer.org>
Confirmed by: <nicolai@catpipe.net>
PR: 76839
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
| |
a libalias application (e.g. natd, ppp, etc.) to crash. Note: Skinny support
is not enabled in natd or ppp by default.
Approved by: secteam (nectar)
MFC after: 1 day
Secuiryt: This fixes a remote DoS exploit
|
| | |
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
| |
any fake value.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
functions. Basically, the ip_next() function was used to get the PPTP and
Skinny headers when tcp_next() should have been used instead. Symptoms of
this included a segfault in natd when trying to process a PPTP or Skinny
packet.
Approved by: des
|
| |
|
|
| |
open where people can see them and hopefully fix them.
|
| |
|
|
|
|
|
| |
{ip,udp,tcp} header and return a void * pointing to the payload (i.e. the
first byte past the end of the header and any required padding). Use them
consistently throughout libalias to a) reduce code duplication, b) improve
code legibility, c) get rid of a bunch of alignment warnings.
|
| |
|
|
|
|
| |
a short pointer. The previous implementation seems to be in a gray zone
of the C standard, and GCC generates incorrect code for it at -O2 or
higher on some platforms.
|
| |
|
|
| |
alpha.
|
| |
|
|
|
|
|
|
|
| |
named link, foo_link or link_foo to lnk, foo_lnk or lnk_foo, fixing
signed / unsigned comparisons, and shoving unused function arguments
under the carpet.
I was hoping WARNS?=6 might reveal more serious problems, and perhaps
the source of the -O2 breakage, but found no smoking gun.
|
| | |
|
| | |
|
| |
|
|
| |
does not create a new entry if none is found.
|
| | |
|
| |
|
|
|
| |
Fixed markup.
Fixed examples to match the new API.
|
| |
|
|
| |
Reported and submitted by: Sean McNeil (sean at mcneil.com)
|
| | |
|
| |
|
|
|
| |
Reviewed by: ru
Approved by: silence on the lists
|
| |
|
|
|
| |
The result isn't quite knf, but it's knfer than the original, and far
more consistent.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Makes it possible to have multiple packet aliasing instances in a
single process by moving all static and global variables into an
instance structure called "struct libalias".
Redefine a new API based on s/PacketAlias/LibAlias/g
Add new "instance" argument to all functions in the new API.
Implement old API in terms of the new API.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
|
| |
|
|
|
| |
Submitted by: Stefan Farfeleder
PR: bin/56653
|
| | |
|
| | |
|
| |
|
|
|
|
| |
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
|
| |
|
|
|
|
| |
original source IP address, as promised in the manual page.
Spotted by: Vaclav Petricek
|
| |
|
|
| |
limit" mdoc(7) atavism.
|
| |
|
|
| |
are _destination_ address and port.
|
| | |
|
| | |
|
| |
|
|
|
| |
to mark a fully specified static link as dynamic; i.e. make
it a one-time link.
|
| |
|
|
|
|
| |
is not called, and no static rules match an outgoing packet, the
latter retains its source IP address. This is in support of the
"static NAT only" mode.
|
| | |
|
| |
|
|
| |
especially in troff files.
|
| | |
|
| |
|
|
|
|
|
| |
IP datagram embedded into ICMP error message.
Spotted by: tcpdump 3.7.1 (-vvv)
MFC after: 3 days
|
| |
|
|
| |
Make indentation of new parts consistent with the style used for this file.
|
