From 1717f18181654d5b073cff9521c0b635459cfe39 Mon Sep 17 00:00:00 2001
From: ae
Date: Tue, 14 Jun 2011 12:06:38 +0000
Subject: Sort alias mode flags in the increasing order.
---
 sys/netinet/libalias/alias.h | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
(limited to 'sys/netinet/libalias/alias.h')
diff --git a/sys/netinet/libalias/alias.h b/sys/netinet/libalias/alias.h
index 2aed829..6fe40ed 100644
--- a/sys/netinet/libalias/alias.h
+++ b/sys/netinet/libalias/alias.h
@@ -197,17 +197,6 @@ struct mbuf *m_megapullup(struct mbuf *, int);
  */
 #define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20
 
-#ifndef NO_FW_PUNCH
-/*
- * If PKT_ALIAS_PUNCH_FW is set, active FTP and IRC DCC connections will
- * create a 'hole' in the firewall to allow the transfers to work. The
- * ipfw rule number that the hole is created with is controlled by
- * PacketAliasSetFWBase(). The hole will be attached to that
- * particular alias_link, so when the link goes away the hole is deleted.
- */
-#define PKT_ALIAS_PUNCH_FW 0x100
-#endif
-
 /*
  * If PKT_ALIAS_PROXY_ONLY is set, then NAT will be disabled and only
  * transparent proxying is performed.
@@ -220,6 +209,17 @@ struct mbuf *m_megapullup(struct mbuf *, int);
  */
 #define PKT_ALIAS_REVERSE 0x80
 
+#ifndef NO_FW_PUNCH
+/*
+ * If PKT_ALIAS_PUNCH_FW is set, active FTP and IRC DCC connections will
+ * create a 'hole' in the firewall to allow the transfers to work. The
+ * ipfw rule number that the hole is created with is controlled by
+ * PacketAliasSetFWBase(). The hole will be attached to that
+ * particular alias_link, so when the link goes away the hole is deleted.
+ */
+#define PKT_ALIAS_PUNCH_FW 0x100
+#endif
+
 /* Function return codes. */
 #define PKT_ALIAS_ERROR -1
 #define PKT_ALIAS_OK 1
-- 
cgit v1.1
From a060389e5b178c7324442c0723886c8fda798998 Mon Sep 17 00:00:00 2001
From: ae
Date: Tue, 14 Jun 2011 13:35:24 +0000
Subject: Implement "global" mode for ipfw nat. It is similar to natd(8) "globalport" option for multiple NAT instances. If ipfw rule contains "global" keyword instead of nat_number, then for each outgoing packet ipfw_nat looks up translation state in all configured nat instances. If an entry is found, packet aliased according to that entry, otherwise packet is passed unchanged. User can specify "skip_global" option in NAT configuration to exclude an instance from the lookup in global mode.
PR: kern/157867
Submitted by: Alexander V. Chernikov (previous version)
Tested by: Eugene Grosbein
---
 sys/netinet/libalias/alias.h | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'sys/netinet/libalias/alias.h')
diff --git a/sys/netinet/libalias/alias.h b/sys/netinet/libalias/alias.h
index 6fe40ed..b12b353 100644
--- a/sys/netinet/libalias/alias.h
+++ b/sys/netinet/libalias/alias.h
@@ -220,6 +220,12 @@ struct mbuf *m_megapullup(struct mbuf *, int);
 #define PKT_ALIAS_PUNCH_FW 0x100
 #endif
 
+/*
+ * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
+ * states in 'ipfw nat global' rule.
+ */
+#define PKT_ALIAS_SKIP_GLOBAL 0x200
+
 /* Function return codes. */
 #define PKT_ALIAS_ERROR -1
 #define PKT_ALIAS_OK 1
-- 
cgit v1.1
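Review bot: The new comment on `PKT_ALIAS_SKIP_GLOBAL` says what the flag excludes but not what happens to a packet that then matches no instance. The commit description states that such a packet is passed unchanged, so it can leave with its original, untranslated source address unless a later rule in the set handles it. I would add a line to the comment such as `* A packet that matches no instance in global mode is passed untranslated.` It would also help to mention that the flag corresponds to the "skip_global" option of the NAT configuration, since the header gives no other hint of where it is set; the code that tests the flag is outside this diff, so this is inferred from the description.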