272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
241844 |
22-Oct-2012 |
eadler |
remove duplicate semicolons where possible.
Approved by: cperciva MFC after: 1 week
|
241736 |
19-Oct-2012 |
ed |
Add missing const keywords.
|
236809 |
09-Jun-2012 |
joel |
mdoc: fix a few badly nested blocks.
|
235873 |
24-May-2012 |
wblock |
Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR: 168016 Submitted by: Nobuyuki Koganemaru Approved by: gjb MFC after: 3 days
|
227081 |
04-Nov-2011 |
ed |
Add missing static keywords for global variables to tools in sbin/.
These tools declare global variables without using the static keyword, even though their use is limited to a single C-file, or without placing an extern declaration of them in the proper header file.
|
223713 |
01-Jul-2011 |
sem |
Fix a typo.
Approved by: kib
|
220808 |
18-Apr-2011 |
sobomax |
Furthermore condition IP waiting behaviour also on -dynamic flag. This should preserve POLA in all other cases (foreground || non-dynamic).
MFC after: 2 weeks
|
220806 |
18-Apr-2011 |
sobomax |
Only wait for the IP to appear on the interface if natd is running in the background.
Suggested by: Garrett Cooper <yanegomi@gmail.com>
Use EAGAIN instead of magic value of -2 to report this condition from the SetAliasAddressFromIfName routine.
MFC after: 2 weeks
|
220736 |
17-Apr-2011 |
sobomax |
If we can retrieve interface address sleep for one second and try again. This can happen during start-up, when natd starts before dhclient has a chance to receive IP address from the upstream provider.
MFC after: 2 weeks
|
202532 |
17-Jan-2010 |
ed |
Raise WARNS for various tools where possible.
Submitted by: Marius NĂ¼nnerich <marius@nuenneri.ch>
|
202531 |
17-Jan-2010 |
ed |
Mute some (hidden) warnings about old-style function definitions.
Submitted by: Marius NĂ¼nnerich <marius nuenneri ch>
|
201145 |
28-Dec-2009 |
antoine |
(S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument. Fix some wrong usages. Note: this does not affect generated binaries as this argument is not used.
PR: 137213 Submitted by: Eygene Ryabinkin (initial version) MFC after: 1 month
|
182825 |
06-Sep-2008 |
rik |
Check rule numbers against maximum value to avoid rules cleanup due to overflow.
MFC after: 5 days.
|
179937 |
22-Jun-2008 |
mav |
Add exit_delay parameter to control daemon exit delay after signal.
PR: bin/58696 Submitted by: sp@alkor.ru
|
179935 |
22-Jun-2008 |
mav |
Use strdup() instead of static buffer allocation to avoid 128 bytes limit on -redirect_XXX arguments length.
PR: bin/86647 Submitted by: Stephen Hurd <shurd@sasktel.net>
|
179607 |
06-Jun-2008 |
brian |
Don't abend if we get ENOMEM from sysctl(3). The data returned is sufficient
MFC after: 2 weeks
|
175971 |
04-Feb-2008 |
ru |
Improve rev. 1.63. Document -instance and -globalport options. Add a MULTIPLE INSTANCES section which provides an example of setting up natd in multi-instance mode (based on the notes.natd file from phk@).
Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru> Reviewed by: ru
|
175552 |
21-Jan-2008 |
trhodes |
Note that the punch_fw option does not work in securelevel 3 and Xref init.8. Bump .Dd.
PR: 41807
|
174591 |
14-Dec-2007 |
maxim |
o Markup and grammar fixes.
|
174508 |
10-Dec-2007 |
ceri |
Bump .Dd for r1.63; fix small nit from the same.
|
174506 |
10-Dec-2007 |
phk |
Add a bit more detailed description about a configuration file format and about using NAT "instances".
Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru>
|
162674 |
26-Sep-2006 |
piso |
Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more hardcoded inside libalias, but it's available through external modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp, skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running the new libalias will try to read a file in /etc called libalias.conf: that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd: if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat: if you are using ng_nat, and it doesn't correctly handle ftp/irc/etcetc sessions anymore, remember to kldload the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available in the libalias man page under the section 'MODULAR ARCHITECTURE (AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat support will be part of the next libalias-related commit.
Approved by: glebius Reviewed by: glebius, ru
|
145797 |
02-May-2005 |
delphij |
WARNS=6 and gcc4 cleanup: - Use const where necessary - Use __unused where applicable - Rename variables that is conflicit with global definations
|
140295 |
15-Jan-2005 |
ru |
Eliminate macro calls inside literal displays.
|
139918 |
08-Jan-2005 |
trhodes |
Remove unused variable.
|
131567 |
04-Jul-2004 |
phk |
Give natd multi-instance capabilities.
This makes it possible to do load-sharing on two xDSL lines etc.
|
129103 |
10-May-2004 |
hmp |
Use strlcpy(3) instead of strcpy(3).
PR: 46761
Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
|
128186 |
13-Apr-2004 |
luigi |
Replace ROUNDUP/ADVANCE with SA_SIZE
|
126178 |
23-Feb-2004 |
johan |
style.Makefile(5): Use WARNS?= instead of WARNS=.
|
120372 |
23-Sep-2003 |
marcus |
Add Cisco Skinny Station protocol support to libalias, natd, and ppp. Skinny is the protocol used by Cisco IP phones to talk to Cisco Call Managers. With this code, one can use a Cisco IP phone behind a FreeBSD NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported. More information on enabling Skinny support in libalias, natd, and ppp can be found in those applications' manpages.
PR: 55843 Reviewed by: ru Approved by: ru MFC after: 30 days
|
118875 |
13-Aug-2003 |
ru |
- Clarify the port range syntax in -redirect_port.
PR: docs/46286
- "IP number" -> "IP address", for consistency.
|
118873 |
13-Aug-2003 |
ru |
Added an option to specify an alternate PID file.
PR: bin/37159 Submitted by: "Aleksandr A. Babaylov" <.@babolo.ru>
|
116319 |
13-Jun-2003 |
ru |
If the -proxy_only option is used, the -alias_address/-interface options are not required.
Suggested by: Vaclav Petricek MFC after: 2 weeks
|
111674 |
28-Feb-2003 |
ru |
Don't pretend natd(8) doesn't work with ppp(8) interfaces. While there's probably a better way to achieve the same, nothing precludes us from using natd(8) on tun(4) links.
Noticed by: bde
|
110415 |
05-Feb-2003 |
charnier |
Use a more standard error message. Add FBSDID.
Reviewed by: ru
|
109727 |
23-Jan-2003 |
ru |
Fixed Charles' e-mail here too.
|
108533 |
01-Jan-2003 |
schweikh |
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, especially in troff files.
|
101810 |
13-Aug-2002 |
ru |
can not -> cannot.
|
101796 |
13-Aug-2002 |
ru |
mdoc(7) police: canonize FreeBSD in e-mail address.
|
99501 |
06-Jul-2002 |
charnier |
The .Nm utility
|
99382 |
03-Jul-2002 |
archie |
Update my email address.
|
94535 |
12-Apr-2002 |
ru |
I don't know what the MAINTAINER means in src/ part of FreeBSD.
I'll still be overseeing the changes that go into natd(8) and will maintain it the way I see it, non-preventing for the rest of developers.
I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets defined.
|
89396 |
15-Jan-2002 |
ru |
Back out part of the revision 1.2 changes -- sendto(2) can not return ENOBUFS for unreliable protocols like divert.
This should fix an issue when natd(8) keeps spamming already full dummynet(4) queues with the same packet forever.
Spotted by: chkno@dork.com Explained by: luigi Reviewed by: Ari Suutari <ari.suutari@syncrontech.com> MFC after: 2 weeks
|
87647 |
11-Dec-2001 |
ru |
s/sysctl -w/sysctl/
|
87325 |
04-Dec-2001 |
obrien |
Default to WARNS=2. Binary builds that cannot handle this must explicitly set WARNS=0.
Reviewed by: mike
|
86955 |
27-Nov-2001 |
ru |
Make -log_ipfw_denied active by default with -verbose.
Discussed with: phk
|
86954 |
27-Nov-2001 |
ru |
Fixed (local) style bugs in previous revision.
|
85770 |
31-Oct-2001 |
phk |
Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.
PR: 30255 Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk> Reviewed by: phk MFC after: 4 weeks
|
81251 |
07-Aug-2001 |
ru |
mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text. Not only this slows down the mdoc(7) processing significantly, but it also has an undesired (in this case) effect of disabling hyphenation within the entire enclosed block.
|
79530 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
78549 |
21-Jun-2001 |
joe |
Revert the previous commit on objection from the maintainer. I missed that natd has a -v option that will give similar functionality.
Requested by: ru
|
78547 |
21-Jun-2001 |
joe |
When reporting that a packet can't be written back, usually because of a restrictive firewall rule, also report detail on the packet that caused the failure.
MFC after: 3 days
|
75670 |
18-Apr-2001 |
ru |
mdoc(7) police: normalize .Nd.
|
74815 |
26-Mar-2001 |
ru |
- Backout botched attempt to introduce MANSECT feature. - MAN[1-9] -> MAN.
|
74531 |
20-Mar-2001 |
ru |
Set the default manual section for sbin/ to 8.
|
71895 |
01-Feb-2001 |
ru |
mdoc(7) police: split punctuation characters + misc fixes.
|
68960 |
20-Nov-2000 |
ru |
mdoc(7) police: use the new features of the Nm macro.
|
68823 |
16-Nov-2000 |
ru |
Describe -deny_incoming better, highlight some keywords, add myself to the AUTHORS section.
|
68754 |
15-Nov-2000 |
ben |
more removal of trailing periods from SEE ALSO.
|
63300 |
17-Jul-2000 |
ru |
Suggest looking at rc.conf(5) on how to start natd(8) during boot.
Submitted by: dcs
|
62882 |
10-Jul-2000 |
kris |
Don't call warn() with no format string.
|
62252 |
29-Jun-2000 |
ru |
"Ease understanding" of how -punch_fw works.
Reviewed by: sheldonh
|
62160 |
27-Jun-2000 |
ru |
Added new option (-punch_fw) which allows to `punch holes' in the ipfirewall(4) for incoming FTP/IRC DCC connections.
Submitted by: Rene de Vries <rene@canyon.demon.nl> Rewritten by: ru
|
62157 |
27-Jun-2000 |
ru |
- mdoc(7) style cleanup - new version of security note from alex.
|
62128 |
26-Jun-2000 |
alex |
Back out both previous commits. The first one got screwed up by me because of rev 1.33, which was incorrectly merged into my patches by myself, and so Ruslan (maintainer) asked me to back them out.
Ruslan was ok with the second one, but since it needs rework, it'll be readded later, when it doesn't conflict with the backout of the first one.
Pointy hat: alex Beer on next meeting: ru
|
62122 |
26-Jun-2000 |
alex |
Add note about security concerns w/o a firewall but other machines on your LAN to the "RUNNING NATD" introduction.
In a different way requested by: PR: 18802 Submitted by: Zachary K Drew <drew0054@tc.umn.edu>
|
62121 |
26-Jun-2000 |
alex |
mdoc style cleanup.
Reviewed by: sheldonh
|
61864 |
20-Jun-2000 |
ru |
Remove ``pptpalias'' since this is now done transparently by libalias(3).
|
61726 |
16-Jun-2000 |
ru |
Remove unused parameter.
|
60784 |
22-May-2000 |
sheldonh |
Fix a small grammar nit, with the maintainer's implicit approval.
|
60683 |
18-May-2000 |
ru |
Add new option (-target_addr) to control how to deal with incoming packets not associated with any pre-existing link.
Submitted by: brian
|
59921 |
03-May-2000 |
ru |
New option: -redirect_proto.
|
59798 |
30-Apr-2000 |
joe |
Fixes a potential buffer overflow with the command line arguments.
Submitted by: Mike Heffner <spock@techfour.net> Submitted on: audit@freebsd.org
|
59703 |
27-Apr-2000 |
ru |
Load Sharing using IP Network Address Translation (RFC 2391, LSNAT).
|
58946 |
02-Apr-2000 |
brian |
Correct Charles Mott's email address Requested by: cmott@scientech.com
|
57668 |
01-Mar-2000 |
sheldonh |
Remove single-space hard sentence breaks. These degrade the quality of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc.
|
57512 |
26-Feb-2000 |
brian |
Suggest ppp -nat, not ppp -alias
|
57480 |
25-Feb-2000 |
ru |
Remove the config file line length restriction.
PR: 16900 Reviewed by: "Crist J. Clark" <cjclark@home.com>, jkh Approved by: jkh
|
56587 |
25-Jan-2000 |
ru |
Now that kernel is capable of notifying user processes about the interface MTU change (src/sys/net/if_sl.c,v 1.83), track interface MTU with -dynamic option as well.
PR: 15494
|
52683 |
30-Oct-1999 |
mpp |
Minor grammar fix.
|
52200 |
13-Oct-1999 |
ru |
ioctl -> sysctl for interface address changes.
PR: 14169 Reviewed by: Ari Suutari <ari@suutari.iki.fi>
|
51963 |
06-Oct-1999 |
ru |
Fixed the description of how packets re-enter IP firewall filter.
Suggested by: Ari Suutari <ari@suutari.iki.fi>
|
51751 |
28-Sep-1999 |
ru |
Do not defer setting of the aliasing address from interface name if not operating in dynamic mode.
Reviewed by: Ari Suutari <ari@suutari.iki.fi>
|
51242 |
13-Sep-1999 |
ru |
`permanent_link' is obsolete; update examples.
|
51241 |
13-Sep-1999 |
ru |
Add Ari Suutari as a maintainer.
Approved by: Ari Suutari <ari@suutari.iki.fi>
|
51063 |
07-Sep-1999 |
ru |
Config file parser changes:
- Trailing spaces and empty lines are ignored. - A `#' sign will mark the remaining of the line as a comment.
Reviewed by: Ari Suutari <ari@suutari.iki.fi>
|
50810 |
02-Sep-1999 |
ru |
Allow signals to interrupt system calls. Remove redundant signal() call.
PR: 6676 Submitted by: luoqi Reviewed by: Ari Suutari <ari@suutari.iki.fi>
|
50476 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
49994 |
18-Aug-1999 |
chris |
Bad cross-reference of getservbyname(2) changed to getservbyname(3)
Reviewed by: ru
|
49166 |
28-Jul-1999 |
ru |
Become a maintainer.
Approved by: brian
|
49164 |
28-Jul-1999 |
ru |
Back out previous commit.
|
48063 |
21-Jun-1999 |
brian |
Mention that data going from one internal address to another will not be processed by natd. Requested by: Ludwig Pummer <ludwigp@bigfoot.com>
|
47754 |
05-Jun-1999 |
archie |
When incrementing through a SIOCGIFCONF list, enforce a lower limit of sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len. Otherwise the increment will be wrong in certain cases.
Obtained from: Whistle source tree For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
|
47122 |
13-May-1999 |
brian |
Oops - missing parenthesis
|
47121 |
13-May-1999 |
brian |
/sbin/natd portrange documentation and bugfix Submitted by: Ruslan Ermilov <ru@ucb.crimea.ua> PR: 11690
3.2 candidate ?
|
46080 |
25-Apr-1999 |
imp |
More egcs warning fixes: o main returns int not void o use braces to avoid potentially ambiguous else
Note: The fix to natd is potentially functional in nature since I used the indentation as the right thing rather than the struct semantics. Someone more familiar with the code should double check me on this one.
Reviewed by: obrien and chuckr
|
45970 |
24-Apr-1999 |
sada |
Typo of `same_ports' directive. Submitted by: Masaki Nohtomi <noutomi@jbm-net.or.jp>
|
45498 |
08-Apr-1999 |
eivind |
Add a comment that natd is made for use with NICs, not PPP links - I'm tired of the five people each day that ask me how to set up natd for use with PPP.
|
45143 |
30-Mar-1999 |
brian |
Disable reads on our ICMP socket. We only use it for sending. PR: 9253
|
45047 |
26-Mar-1999 |
brian |
Add `const's that I forgot to commit. Not bad - I broke the -stable and -current builds in the space of 1 day !
Pointed out by: jdp
|
45011 |
24-Mar-1999 |
brian |
Add some const-cleanliness and avoid some warnings.
|
45010 |
24-Mar-1999 |
brian |
Allow port ranges when specifying -redirect_port.
Submitted by: Wes Santee <wes@bogon.net> PR: 9696
|
44654 |
11-Mar-1999 |
brian |
Fix a diagnostic typo Submitted by: Martin Machacek <mm@i.cz>
|
44558 |
07-Mar-1999 |
brian |
Upgrade (almost) to natd 2.0b1
- Transparent proxy support. - PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead. - Drop support for early FreeBSD 2.2 versions - If separate input & output sockets are being used use them to find out packet direction instead of normal mechanism. This can be handy in complex environments with multiple interfaces. - PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added. - Logging enhancements from Martin Machacek <mm@i.cz> added.
Obtained from: Ari Suutari <ari@suutari.iki.fi>
|
44320 |
27-Feb-1999 |
jkh |
Make this work with the new alias library since, evidently, we're not providing the backwards-compatability routines in libalias anymore (which I think may have been a mistake).
|
37650 |
15-Jul-1998 |
jkoshy |
Fix inconsistent port numbering in man page.
PR: 7250 Submitted-by: Norihiro Kumagai <kuma@jp.freebsd.org>
|
37633 |
14-Jul-1998 |
jkoshy |
Add $Id$.
PR: 7249
|
37374 |
04-Jul-1998 |
brian |
Make things clearer. Submitted (some time ago) by: Ted Mittelstaedt <tedm@portsoft.com>
|
37368 |
04-Jul-1998 |
brian |
Suggest port 8668 rather than 6668 for natd. 6668 is IRC.
|
35266 |
18-Apr-1998 |
brian |
Fix incorrect flag spec PR: 6339 (part of) Submitted by: Chris Dillon <cdillon@wolves.k12.mo.us>
|
34809 |
23-Mar-1998 |
charnier |
.Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq.
|
32856 |
29-Jan-1998 |
brian |
Make it clear that aliasing is done on the public interface, not the private one.
|
32107 |
30-Dec-1997 |
alex |
Added copyright (taken from natd.c).
Approved by: Ari Suutari <ari@suutari.iki.fi>
|
32026 |
27-Dec-1997 |
alex |
Typo/$Id$ police.
|
31660 |
10-Dec-1997 |
brian |
natd 1_10 => 1_11 Cosmetic style changes Use u_short for port values. Submitted by: Ari Suutari <ari@suutari.iki.fi>
|
31576 |
06-Dec-1997 |
brian |
Reverse my previous change and use htons() on an int instead of htonl() !
This results in the int a,b,c,d changing to b,a,c,d, but as it's subsequently coerced to a u_short, the ultimate answer is correct.
If this isn't fixed properly soon (by the author) I'll have a look at it again.
Noted by: eivind & ari@suutari.iki.fi
|
31148 |
13-Nov-1997 |
brian |
Use htonl() rather than htons().
|
30554 |
18-Oct-1997 |
brian |
Add -redirect_port and -redirect_address to the synopsis.
|
30059 |
02-Oct-1997 |
charnier |
Use err(3). Change firewall to firewall_enable in man page according to /etc/rc.conf.
|
29988 |
29-Sep-1997 |
wosch |
Sort cross refereces in section SEE ALSO.
|
29562 |
18-Sep-1997 |
charnier |
Typo.
|
29163 |
06-Sep-1997 |
brian |
Ingored incoming packets are now dropped when deny_incoming option is set to yes. Submitted by: Ari Suutari <ari@suutari.iki.fi>
|
28956 |
31-Aug-1997 |
eivind |
Fix my e-mail address. Old work addres is no good.
|
28045 |
10-Aug-1997 |
brian |
- Buffer space problem found by Sergio Lenzi <lenzi@bsi.com.br> fixed. Natd now waits with select(2) for buffer space to become available if write fails. - Packet aliasing library upgraded to 2.2.
Submitted by: Ari Suutari <suutari@iki.fi>
|
26891 |
24-Jun-1997 |
brian |
Suggest using /etc/services entry rather than a number in the "ipfw add divert" example.
|
26810 |
22-Jun-1997 |
jkh |
sysconfig -> rc.conf
|
26782 |
22-Jun-1997 |
brian |
This commit was generated by cvs2svn to compensate for changes in r26781, which included commits to RCS files with non-trunk default branches.
|