Lines Matching +full:link +full:- +full:signal +full:- +full:sources
1 .\"-
41 library is a collection of functions for aliasing and de-aliasing of IP
48 Incoming packets are then de-aliased so that they are sent to the correct
52 In the simplest mode of operation, a many-to-one address mapping takes
55 In addition, one-to-one mappings between local and public addresses can
59 many-to-one mappings.
76 .Bd -ragged -offset indent
88 .Bl -item -offset indent -compact
111 .Bd -ragged -offset indent
126 .Bd -ragged -offset indent
129 All outgoing packets are re-mapped to this address unless overridden by a
138 link tables will be reset any time the aliasing address changes.
142 address may or may not change on successive dial-up attempts.
147 the aliasing address on a packet-to-packet basis (it is a low overhead call).
154 .Bd -ragged -offset indent
163 .Bl -tag -width indent
167 Each time an aliasing link is created or deleted, the log file is appended to
183 This mode bit is useful for implementing a one-way firewall.
185 If this mode bit is set, the packet-aliasing engine will attempt to leave
205 10.0.0.0 -> 10.255.255.255 (/8)
206 172.16.0.0 -> 172.31.255.255 (/16)
207 192.168.0.0 -> 192.168.255.255 (/24)
217 100.64.0.0 -> 100.127.255.255 (RFC 6598 subnet)
221 is called to change the aliasing address, the internal link table of the
226 between dial-up attempts.
227 If this mode bit is not set, the link table will never be reset in the event
234 .Xr ipfirewall 4 -
241 (e.g.\& kill -9),
274 When this bit is set, UDP uses endpoint-independent mapping (EIM), as per
286 When this bit is unset, UDP packets use endpoint-dependent mapping (EDM)
292 by port forwarding on the NAT, or tunnelling through an in-between server.
298 .Bd -ragged -offset indent
307 .Bd -ragged -offset indent
333 .Bd -ragged -offset indent
335 de-aliased by this function.
344 .Bl -tag -width indent
348 The packet was ignored and not de-aliased.
363 This is a signal to retrieve any unresolved fragments with
365 and de-alias them with
374 .Bd -ragged -offset indent
389 .Bl -tag -width indent
404 Individual ports can be re-mapped or static network address translations can
418 .Bd -ragged -offset indent
444 If the link is further set up to operate with load sharing, then
459 The remote port specification will almost always be zero, but non-zero
488 .Bd -ragged -offset indent
511 If the link is further set up to operate with load sharing, then the
557 .Fa "struct alias_link *link"
561 .Bd -ragged -offset indent
563 .Fa link
568 in the server pool, using a real-time load sharing algorithm.
577 host is selected on a round-robin basis only, without regard to load on
581 .Fa link
589 .Fa link Ns 's
598 This function returns 0 on success, \-1 otherwise.
602 .Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link"
603 .Bd -ragged -offset indent
617 This function returns 0 on success, \-1 otherwise.
621 .Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link"
622 .Bd -ragged -offset indent
628 .Fa link
638 .Bd -ragged -offset indent
645 .Bl -tag -width indent
737 .Bd -ragged -offset indent
760 Non-zero remote addresses can sometimes be useful for firewalling.
785 subsequent fragments will be re-mapped in the same manner the header
792 .Bd -ragged -offset indent
817 .Bd -ragged -offset indent
838 .Bd -ragged -offset indent
841 it can then be de-aliased with a call to
847 is the pointer to the packet to be de-aliased.
854 .Bd -ragged -offset indent
857 introduces some dynamic character into the link, since
860 for inbound (ext -> int) traffic.
865 .Bd -ragged -offset indent
866 When an incoming packet not associated with any pre-existing aliasing link
886 .Bd -ragged -offset indent
890 protocol-specific headers (TCP, UDP, ICMP).
897 The 16-bit checksum field should be zeroed before computing the checksum.
908 .Bd -ragged -offset indent
916 This function can be used if an already-aliased packet needs to have its
927 .Em aliasing link
933 .Em aliasing link ,
934 which is a 7-tuple describing a specific translation:
935 .Bd -literal -offset indent
954 Each aliasing link must have a unique combination of the following five
967 associated aliasing link should be deleted.
970 When no activity is observed on a dynamic link for a certain amount of time
978 a fully specified dynamic link is created.
979 If the original partially specified link is dynamic, it will be deleted
980 after the fully specified link is created, otherwise it will persist.
982 For instance, a partially specified link might be
983 .Bd -literal -offset indent
988 If this link were static it would have the effect of redirecting all
992 dynamic link.
993 .Ss DYNAMIC LINK CREATION
996 .Bd -literal -offset indent
1003 link if they do not match an already existing fully specified link.
1011 The aliasing port number is determined such that the new dynamic link does
1016 a unique aliasing link can be established.
1024 the ability to load/unload support for new protocols at run-time.
1027 These modules are compiled from the same sources but work in
1061 .Bd -literal -offset indent
1080 signal handler, add a call to
1085 signal:
1087 .Dl "kill -HUP <process_pid>"
1095 .Bd -literal
1111 .Bd -literal
1120 TAILQ_ENTRY(proto_handler) link;
1125 .Bl -inset
1171 .Bd -literal -offset indent
1177 &ud->uh_sport, /* original source port */
1178 &ud->uh_dport, /* original dest port */
1197 .Bl -tag -width indent
1243 .Bd -literal
1249 * dlopen() - use this ptr to get access
1257 .Bl -inset
1278 .Bd -literal
1316 .Bd -literal
1345 .Bd -literal
1372 .Bl -enum
1382 .Dl "#include <signal.h>"
1392 .Dl "signal(SIGHUP, signal_handler);"
1398 .Bd -literal -offset indent
1409 signal, just add a call to
1411 in the signal handler function.
1431 .Bd -literal
1438 * ptr to an auto-malloced
1467 versions 1.0 - 1.8, 2.0 - 2.4.
1486 .Bd -ragged -offset indent
1487 .An -split