path: root/usr.sbin/ppp/nat_cmd.c
Commit message | Author | Age | Files | Lines
* Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_ | brian | 2002-08-27 | 1 | -0/+1
  Suggested by: mike
* Usage style sweep: spell "usage" with a small 'u'. | des | 2002-04-22 | 1 | -5/+5
  Also change one case of blatant __progname abuse (several more remain)
  This commit does not touch anything in src/{contrib,crypto,gnu}/.
* cmott@scientech.com -> cm@linktel.net | brian | 2001-11-03 | 1 | -1/+1
  Requested by: Charles Mott <cmott@scientech.com>
* o Add ipv6 support, abstracting most NCP addresses into opaque | brian | 2001-08-14 | 1 | -2/+7
  structures (well, they're treated as opaque). It's now possible to manage IPv6 interface addresses and routing table entries and to filter IPV6 traffic whether encapsulated or not. IPV6CP support is crude for now, and hasn't been tested against any other implementations. RADIUS and IPv6 are independent of each other for now. ppp.linkup/ppp.linkdown aren't currently used by IPV6CP
  o Understand all protocols(5) in filter rules rather than only a select few.
  o Allow a mask specification for the ``delete'' command. It's now possible to specifically delete one of two conflicting routes.
  o When creating and deleting proxy arp entries, do it for all IPv4 interface addresses rather than doing it just for the ``current'' peer address.
  o When iface-alias isn't in effect, don't blow away manually (via ``iface add'') added interface addresses.
  o When listening on a tcp server (diagnostic) socket, bind so that a tcp46 socket is created -- allowing both IPv4 and IPv6 connections.
  o When displaying ICMP traffic, don't display the icmp type twice. When display traffic, display at least some information about unrecognised traffic.
  o Bump version
  Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
* Add a ``nat punch_fw'' command for punching FTP and IRC DCC holes through | brian | 2001-08-02 | 1 | -0/+30
  the firewall.
* Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch. | brian | 2001-07-09 | 1 | -0/+68
  MFC after: 3 weeks
* Add BSD style copyrights (with permission from Charles Mott where appropriate) | brian | 2001-06-04 | 1 | -2/+24
  Deprecate -alias further (after a repo-copy)
* A better fix for the PacketAliasProxyRule() call. | brian | 2001-02-10 | 1 | -3/+3
  Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
* Don't pass PacketAliasProxyRule() a buffer with leading whitespace as it | brian | 2001-01-28 | 1 | -1/+1
  can't handle it.
* Drop PKT_ALIAS_IGNORED packets if ``nat deny_incoming yes'' is in effect. | brian | 2000-10-30 | 1 | -1/+5
  Approved by: rwatson, ru
* Allow a ``timeout secs'' filter option to let specific packet types | brian | 2000-07-11 | 1 | -1/+1
  affect the idle timer in different ways.
  Submitted by: Stefan Esser <se@freebsd.org>
  With adjustments by me to document the option in the man page and to give the same semantics for outgoing traffic as incoming.
  I made the style more consistent in ip.c - this should really have been done as a separate commit.
* o Log the (payload/size) of all packet types, not just TCP packets | brian | 2000-07-07 | 1 | -1/+1
  o If the new ``filter-decapsulation'' is enabled, delve into UDP packets that contain 0xff 0x03 as the first two bytes, and if we recognise it as PROTO_IP, decapsulate it for the purpose of filter checking. If we recognise it as PROTO_<anything else> mention this for logging purposes only.
  This change is aimed at people running PPPoUDP where the UDP traffic is being sent over another PPP link. It's desirable to have the top level link connected all the time, but to have the bottom level link capable of decapsulating the traffic and comparing the payload against the filters, thus allowing ``set filter dial ...'' to work in tunnelled environments.
  The caveat here is that the top ppp cannot employ any compression layers without making the data unreadable for the bottom ppp. ``disable deflate pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
* Remove ``nat pptp'' as this is now done transparently by libalias. | brian | 2000-06-20 | 1 | -24/+0
* Always pass packets through libalias when NAT is enabled. | brian | 2000-05-23 | 1 | -14/+2
  Submitted by: luoqi
  Forgotten by: me
* Fix a typo | brian | 2000-05-11 | 1 | -1/+1
* Mention that the default is to let external traffic route to | brian | 2000-05-11 | 1 | -1/+7
  the internal network when NAT is enabled. Allow ``set target MYADDR'' to stop packets at the gateway.
* Use INADDR_NONE with PacketAliasSetTarget() if no args are given to | brian | 2000-03-31 | 1 | -1/+1
  ``nat target'', and suggest the use of ``nat target default'' as an interesting possibility.
* Add the ``nat target'' command. | brian | 2000-03-31 | 1 | -0/+24
* Log information about packets being dropped (probably due to | brian | 2000-03-29 | 1 | -0/+10
  ``nat deny_incoming yes'') by libalias.
* Mention the value of the unexpected return code in nat_LayerPull() | brian | 2000-03-29 | 1 | -1/+1
* Add some diagnostics to prove that incoming IP fragments are | brian | 2000-03-19 | 1 | -2/+12
  being dealt with correctly.
* Refresh the NAT IP pointer after a potential mbuf reallocation. This | brian | 2000-03-14 | 1 | -0/+1
  caused frequent lock-ups for individual sessions over a NAT'd ppp link when MTU sizes ended up more or less exactly wrong.
* Fix some printf-style argument bugs | brian | 2000-03-14 | 1 | -2/+2
* Introduce LOCALNAT and LOCALRAD defines so that the sources can stay | brian | 2000-03-14 | 1 | -3/+4
  exactly the same in FreeBSD & OpenBSD despite libalias and libradius being local to the ppp sources under OpenBSD.
* Ensure that there's a bit of extra space in our buffer when it's | brian | 2000-01-03 | 1 | -1/+7
  passed to libalias. If there's not enough space, things like ftp PORT commands start failing....
  Reported by: Gianmarco Giovannelli <gmarco@giovannelli.it>
* Cosmetic: Make struct mbuf more like kernel mbufs. | brian | 1999-12-20 | 1 | -31/+16
* Cosmetic: | brian | 1999-09-08 | 1 | -1/+1
  alias_cmd -> nat_cmd after a repo-copy
* Make the ``Problem with IP header length'' error a bit more verbose | brian | 1999-09-06 | 1 | -1/+2
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 1 | -1/+1
* o Add the -foreground switch. This switch behaves like -background except | brian | 1999-08-19 | 1 | -29/+29
  that ppp stays in the foreground.
  o Add the -quiet switch to quieten ppp's startup
  o Add the -nat flag and discourage the use of the -alias flag. Both do the same thing.
  o Correct some nat usage strings.
  o Change the internal ``alias'' command to ``nat''.
* Don't return a garbage mbuf pointer after storing it | brian | 1999-07-28 | 1 | -2/+2
  as an unresolved fragment.
* When we fetch previously retrieved IP fragments from the alias | brian | 1999-07-24 | 1 | -4/+5
  tables, copy them correctly back into our mbuf rather than giving a bzero'd count to memcpy() and ending up with a 0 byte fragment.
  The old code resulted in a 0 byte write to the tun device which tickled a bug that resulted in a panic :-(
* Allow a remote IP and port range specification in the | brian | 1999-06-10 | 1 | -36/+64
  ``alias port'' command.
* o Alter the mbuf type as it's processed by different layers. | brian | 1999-06-02 | 1 | -4/+5
  o Show more information about missing MP fragments in ``show mp''.
  o Do away with mbuf_Log(). It was showing mbuf stats twice on receipt of LCP/CCP/IPCP packets.... ???!!?
  o Pre-allocate a bit extra when creating LQR packets to avoid having to allocate another mbuf in mbuf_Prepend().
* Allow ``host:port/udp'' devices and support ``host:port/tcp'' as | brian | 1999-05-12 | 1 | -2/+4
  being the same as the previous (still supported) ``host:port'' syntax for tcp socket devices.
  A udp device uses synchronous ppp rather than async, and avoids the double-retransmit overhead that comes with ppp over tcp (it's usually a bad idea to transport IP over a reliable transport that itself is using an unreliable transport). PPP over UDP provides throughput of ** 1.5Mb per second ** with all compression disabled, maxing out a PPro/200 when running ppp twice, back-to-back.
  This proves that PPPoE is plausible in userland....
  This change adds a few more handler functions to struct device and allows derivations of struct device (which may contain their own data etc) to pass themselves through the unix domain socket for MP.
  ** At last **, struct physical has lost all the tty crud !
  iov2physical() is now smart enough to restore the correct stack of layers so that MP servers will work again.
  The version number has bumped as our MP link transfer contents have changed (they now may contain a `struct device').
  Don't extract the protocol twice in MP mode (resulting in protocol rejects for every MP packet). This was broken with my original layering changes.
  Add ``Physical'' and ``Sync'' log levels for logging the relevant raw packets and add protocol-tracking LogDEBUG stuff in various LayerPush & LayerPull functions.
  Assign our physical device name for incoming tcp connections by calling getpeername().
  Assign our physical device name for incoming udp connections from the address retrieved by the first recvfrom().
* o Redesign the layering mechanism and make the aliasing code part of | brian | 1999-05-08 | 1 | -1/+96
  the layering. We now ``stack'' layers as soon as we open the device (when we figure out what we're dealing with). A static set of `dispatch' routines are also declared for dealing with incoming packets after they've been `pulled' up through the stacked layers. Physical devices are now assigned handlers based on the device type when they're opened. For the moment there are three device types; ttys, execs and tcps.
  o Increment version number to 2.2
  o Make an entry in [uw]tmp for non-tty -direct invocations (after pap/chap authentication).
  o Make throughput counters quad_t's
  o Account for the absolute number of mbuf malloc()s and free()s in ``show mem''.
  o ``show modem'' becomes ``show physical''.
* Add support for NetBSD | brian | 1999-04-26 | 1 | -4/+4
* Allow port ranges in ``alias port''. | brian | 1999-03-25 | 1 | -42/+83
* Support PPTP via libalias (``alias pptp addr''). | brian | 1999-03-07 | 1 | -1/+25
* Support proxying & transparent proxying courtesy of libalias(3). | brian | 1999-03-07 | 1 | -1/+24
  Order the alias command descriptions.
  Order the SEE ALSO entries.
* Initial RADIUS support (using libradius). See the man page for | brian | 1999-01-28 | 1 | -2/+5
  details. Compiling with -DNORADIUS (the default for `release') removes support.
  TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur.
  Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-(
  Sponsored by: Internet Business Solutions Ltd., Switzerland
* Sync with OpenBSD ifdefs | brian | 1998-09-17 | 1 | -2/+6
* Put the IP buffer queues into struct ipcp. | brian | 1998-08-26 | 1 | -3/+3
  Forgotten by: me
* Remove redundant includes | brian | 1998-06-27 | 1 | -2/+1
* Don't dlopen()/dlsym() libalias, use it in the same way | brian | 1998-06-27 | 1 | -9/+29
  as the rest of the world uses libraries.
* Fix a rather nasty use of `static'. This caused a SEGV | brian | 1998-06-15 | 1 | -1/+2
  when running ``link * load label'' as we ended up recursing back into command_Interpret after nuking our command arg list.
* MFMP: Make ppp multilink capable. | brian | 1998-05-21 | 1 | -51/+47
  See the file README.changes, and re-read the man page.
* Remove unused #includes. | brian | 1998-01-21 | 1 | -2/+1
  Make various bits static.
  Remove unused variables.
  Submitted by: eivind
* Correct copyright. | brian | 1997-12-24 | 1 | -24/+3
  Requested by: Eivind Eklund <perhaps@yes.no>
* Charles Mott created these (and told me via email that | brian | 1997-12-21 | 1 | -2/+2
  they were BSD copyright). Use his name, not mine.