Lines Matching +full:linear +full:- +full:mapping +full:- +full:mode

1 .\"-
41 library is a collection of functions for aliasing and de-aliasing of IP
48 Incoming packets are then de-aliased so that they are sent to the correct
52 In the simplest mode of operation, a many-to-one address mapping takes
55 In addition, one-to-one mappings between local and public addresses can
59 many-to-one mappings.
70 In addition, the operating mode of the packet aliasing engine can be
76 .Bd -ragged -offset indent
82 The following mode bits are always set after calling
86 below for the meaning of these mode bits.
88 .Bl -item -offset indent -compact
102 default mode bits listed above require a call to
111 .Bd -ragged -offset indent
126 .Bd -ragged -offset indent
129 All outgoing packets are re-mapped to this address unless overridden by a
130 static address mapping established by
137 mode bit is set (the default mode of operation), then the internal aliasing
142 address may or may not change on successive dial-up attempts.
146 mode bit is set to zero, this function can also be used to dynamically change
147 the aliasing address on a packet-to-packet basis (it is a low overhead call).
154 .Bd -ragged -offset indent
155 This function sets or clears mode bits
161 The following mode bits are defined in
163 .Bl -tag -width indent
172 If this mode bit is set, all incoming packets associated with new TCP
183 This mode bit is useful for implementing a one-way firewall.
185 If this mode bit is set, the packet-aliasing engine will attempt to leave
190 mode bit is set.
196 mode bit specifies that a socket be allocated as a place holder to prevent
201 If this mode bit is set, traffic on the local network which does not
205 10.0.0.0           ->        10.255.255.255   (/8)
206 172.16.0.0         ->        172.31.255.255   (/16)
207 192.168.0.0        ->        192.168.255.255  (/24)
217 100.64.0.0   ->  100.127.255.255  (RFC 6598 subnet)
219 When this mode bit is set and
223 This operating mode is useful for
226 between dial-up attempts.
227 If this mode bit is not set, the link table will never be reset in the event
234 .Xr ipfirewall 4 -
241 (e.g.\& kill -9),
274 When this bit is set, UDP uses endpoint-independent mapping (EIM), as per
286 When this bit is unset, UDP packets use endpoint-dependent mapping (EDM)
292 by port forwarding on the NAT, or tunnelling through an in-between server.
298 .Bd -ragged -offset indent
307 .Bd -ragged -offset indent
333 .Bd -ragged -offset indent
335 de-aliased by this function.
344 .Bl -tag -width indent
348 The packet was ignored and not de-aliased.
353 mode bit was set using
365 and de-alias them with
374 .Bd -ragged -offset indent
389 .Bl -tag -width indent
404 Individual ports can be re-mapped or static network address translations can
418 .Bd -ragged -offset indent
459 The remote port specification will almost always be zero, but non-zero
488 .Bd -ragged -offset indent
561 .Bd -ragged -offset indent
568 in the server pool, using a real-time load sharing algorithm.
577 host is selected on a round-robin basis only, without regard to load on
598 This function returns 0 on success, \-1 otherwise.
603 .Bd -ragged -offset indent
617 This function returns 0 on success, \-1 otherwise.
622 .Bd -ragged -offset indent
638 .Bd -ragged -offset indent
645 .Bl -tag -width indent
683 inserts the next rule at the start of a linear list of rules.
737 .Bd -ragged -offset indent
760 Non-zero remote addresses can sometimes be useful for firewalling.
778 by changing the address according to any applicable mapping set by
785 subsequent fragments will be re-mapped in the same manner the header
792 .Bd -ragged -offset indent
817 .Bd -ragged -offset indent
838 .Bd -ragged -offset indent
841 it can then be de-aliased with a call to
847 is the pointer to the packet to be de-aliased.
854 .Bd -ragged -offset indent
860 for inbound (ext -> int) traffic.
865 .Bd -ragged -offset indent
866 When an incoming packet not associated with any pre-existing aliasing link
886 .Bd -ragged -offset indent
890 protocol-specific headers (TCP, UDP, ICMP).
897 The 16-bit checksum field should be zeroed before computing the checksum.
908 .Bd -ragged -offset indent
916 This function can be used if an already-aliased packet needs to have its
934 which is a 7-tuple describing a specific translation:
935 .Bd -literal -offset indent
983 .Bd -literal -offset indent
996 .Bd -literal -offset indent
1004 If an address mapping exists for the outgoing packet, this determines
1006 If no mapping exists, then a default address, usually the address of the
1013 In the default operating mode, the packet aliasing engine attempts to set
1017 In an alternate operating mode, the first choice of an aliasing port is also
1024 the ability to load/unload support for new protocols at run-time.
1061 .Bd -literal -offset indent
1087 .Dl "kill -HUP <process_pid>"
1095 .Bd -literal
1111 .Bd -literal
1125 .Bl -inset
1171 .Bd -literal -offset indent
1177 	&ud->uh_sport,          /* original source port */
1178 	&ud->uh_dport,		/* original dest port */
1197 .Bl -tag -width indent
1243 .Bd -literal
1249 	 * dlopen() - use this ptr to get access
1257 .Bl -inset
1278 .Bd -literal
1316 .Bd -literal
1345 .Bd -literal
1372 .Bl -enum
1398 .Bd -literal -offset indent
1431 .Bd -literal
1438 					 * ptr to an auto-malloced
1467 versions 1.0 - 1.8, 2.0 - 2.4.
1486 .Bd -ragged -offset indent
1487 .An -split