src/lib/libalias/alias.c, branch release/4.1.0_cvs FreeBSD source tree This commit was manufactured by cvs2svn to create tag 2000-07-26T21:12:35+00:00 cvs2svn cvs2svn@FreeBSD.org 2000-07-26T21:12:35+00:00 7f1bf9342879a7ee2dd88e11a33ae7509eab55b0 'RELENG_4_1_0_RELEASE'. This commit was manufactured to restore the state of the 4.1-RELEASE image. Releases prior to 5.3-RELEASE are omitting the secure/ and crypto/ subdirs. 
'RELENG_4_1_0_RELEASE'.

This commit was manufactured to restore the state of the 4.1-RELEASE image.
Releases prior to 5.3-RELEASE are omitting the secure/ and crypto/ subdirs.
MFC: 2000-06-27T16:29:31+00:00 Ruslan Ermilov ru@FreeBSD.org 2000-06-27T16:29:31+00:00 9a3a008e7256e8062efabbc2fa1e98b86ff2c2aa - Added support for FTP EPRT (RFC 2428) command. - Added support for passive mode FTP servers behind NAT. - Added security checks for FTP aliasing. - Load Sharing using IP Network Address Translation (RFC 2391). - Real PPTP support. 
- Added support for FTP EPRT (RFC 2428) command.
- Added support for passive mode FTP servers behind NAT.
- Added security checks for FTP aliasing.
- Load Sharing using IP Network Address Translation (RFC 2391).
- Real PPTP support.
- Optimization to the previous (rev 1.15) commit. 1999-09-10T15:27:34+00:00 Ruslan Ermilov ru@FreeBSD.org 1999-09-10T15:27:34+00:00 92da29a00df7e198966bfffd678b356e8317ddbd Requested by: eivind Discussed with: eivind Reviewed by: brian, eivind 
Requested by:	eivind
Discussed with:	eivind
Reviewed by:	brian, eivind
Handle TCP reset sequence properly. 1999-09-09T13:42:51+00:00 Ruslan Ermilov ru@FreeBSD.org 1999-09-09T13:42:51+00:00 29d958bb8a7d29fac97f5d3d95d3474333c5fa1e In the words of originator: :If an incoming connection is initiated through natd and deny_incoming is :not set, then a new alias_link structure is created to handle the link. :If there is nothing listening for the incoming connection, then the kernel :responds with a RST for the connection. However, this is not processed :correctly in libalias/alias.c:TcpMonitor{In,Out} and :libalias/alias_db.c:SetState{In,Out} as it thinks a connection :has been established and therefore applies a timeout of 86400 seconds :to the link. : :If many of these half-connections are initiated (during, for example, a :port scan of the host), then many thousands of unnecessary links are :created and the resident size of natd balloons to 20MB or more. PR: 13639 Reviewed by: brian 
In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.

PR:		13639
Reviewed by:	brian
Add $FreeBSD$ and spell Eklund properly. 1999-08-29T23:17:04+00:00 Bill Fumerola billf@FreeBSD.org 1999-08-29T23:17:04+00:00 a5a388c7ab93c4e89cc091d7a47a1ba58697261f Approved by: brian (well, he approved adding $Id$) 
Approved by:	brian (well, he approved adding $Id$)
Aallow ppp to work with Nortel Networks Extranet Switch 1999-08-22T23:32:01+00:00 Brian Somers brian@FreeBSD.org 1999-08-22T23:32:01+00:00 7765ab64760835ce827a469c2f799054f43bc88f product and Windows NT tunneling. Submitted by: Chain Lee <chain@nortelnetworks.com> 
product and Windows NT tunneling.

Submitted by: Chain Lee <chain@nortelnetworks.com>
Don't get caught in an infinite recursion when PKT_ALIAS_REVERSE 1999-06-22T11:20:03+00:00 Brian Somers brian@FreeBSD.org 1999-06-22T11:20:03+00:00 0622eafc89d86e8dd20dda2d88940fb75e3f8cfd is set. Document PKT_ALIAS_REVERSE. Pointed out by: Jonathan Hanna <jh@cr1003333-a.crdva1.bc.home.com> PR: 12304 
is set.
Document PKT_ALIAS_REVERSE.

Pointed out by:	Jonathan Hanna <jh@cr1003333-a.crdva1.bc.home.com>
PR:		12304
Remove duplicate line. 1999-03-23T23:01:15+00:00 Bill Fumerola billf@FreeBSD.org 1999-03-23T23:01:15+00:00 26bb9565635d2e907003f50992d8322dce1ccd34 Reviewed by: eivind 
Reviewed by:	eivind
Version 3.0: January 1, 1999 1999-02-27T02:16:01+00:00 Brian Somers brian@FreeBSD.org 1999-02-27T02:16:01+00:00 7d96f4efd258d006626436837be5c6add536afdd - Transparent proxying support added. - PPTP redirecting support added based on patches contributed by Dru Nelson <dnelson@redwoodsoft.com>. Submitted by: Charles Mott <cmott@srv.net> 
    - Transparent proxying support added.
    - PPTP redirecting support added based on patches
      contributed by Dru Nelson <dnelson@redwoodsoft.com>.

Submitted by: Charles Mott <cmott@srv.net>
Reviewed by: freebsd-current 1998-12-14T02:25:32+00:00 Matthew Dillon dillon@FreeBSD.org 1998-12-14T02:25:32+00:00 374fad8b171448b2cfe3aef740de0411aaed7928 Add bounds checking to netbios NS packet resolving code. This should prevent natd from crashing on badly formed netbios packets (as might be heard when the machine is sitting on a cable modem or certain DSL networks), and also closes potential security holes that might have exploited the lack of bounds checking in the previous version of the code. 
    Add bounds checking to netbios NS packet resolving code.  This should
    prevent natd from crashing on badly formed netbios packets (as might be
    heard when the machine is sitting on a cable modem or certain DSL
    networks), and also closes potential security holes that might have
    exploited the lack of bounds checking in the previous version of the
    code.