| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
|
| |
|
|
|
|
| |
- Use const where necessary
- Use __unused where applicable
- Rename variables that is conflicit with global definations
|
| | |
|
| | |
|
| |
|
|
| |
This makes it possible to do load-sharing on two xDSL lines etc.
|
| |
|
|
|
|
| |
PR: 46761
Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
|
| | |
|
| |
|
|
| |
Use WARNS?= instead of WARNS=.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
|
| |
|
|
|
|
| |
PR: docs/46286
- "IP number" -> "IP address", for consistency.
|
| |
|
|
|
| |
PR: bin/37159
Submitted by: "Aleksandr A. Babaylov" <.@babolo.ru>
|
| |
|
|
|
|
|
| |
options are not required.
Suggested by: Vaclav Petricek
MFC after: 2 weeks
|
| |
|
|
|
|
|
| |
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.
Noticed by: bde
|
| |
|
|
| |
Reviewed by: ru
|
| | |
|
| |
|
|
| |
especially in troff files.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.
I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
not return ENOBUFS for unreliable protocols like divert.
This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.
Spotted by: chkno@dork.com
Explained by: luigi
Reviewed by: Ari Suutari <ari.suutari@syncrontech.com>
MFC after: 2 weeks
|
| | |
|
| |
|
|
|
|
| |
Binary builds that cannot handle this must explicitly set WARNS=0.
Reviewed by: mike
|
| |
|
|
| |
Discussed with: phk
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Set 'log_ipfw_denied' option if you want the old behaviour.
PR: 30255
Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by: phk
MFC after: 4 weeks
|
| |
|
|
|
|
|
| |
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
|
| | |
|
| |
|
|
|
|
| |
missed that natd has a -v option that will give similar functionality.
Requested by: ru
|
| |
|
|
|
|
|
| |
of a restrictive firewall rule, also report detail on the packet
that caused the failure.
MFC after: 3 days
|
| | |
|
| |
|
|
| |
- MAN[1-9] -> MAN.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
add myself to the AUTHORS section.
|
| | |
|
| |
|
|
| |
Submitted by: dcs
|
| | |
|
| |
|
|
| |
Reviewed by: sheldonh
|
| |
|
|
|
|
|
| |
in the ipfirewall(4) for incoming FTP/IRC DCC connections.
Submitted by: Rene de Vries <rene@canyon.demon.nl>
Rewritten by: ru
|
| |
|
|
| |
- new version of security note from alex.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.
Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.
Pointy hat: alex
Beer on next meeting: ru
|
| |
|
|
|
|
|
|
| |
on your LAN to the "RUNNING NATD" introduction.
In a different way requested by:
PR: 18802
Submitted by: Zachary K Drew <drew0054@tc.umn.edu>
|
| |
|
|
| |
Reviewed by: sheldonh
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
not associated with any pre-existing link.
Submitted by: brian
|
