Lines Matching +full:address +full:- +full:address +full:- +full:data
31 .Nd packet aliasing library for masquerading and network address translation
41 library is a collection of functions for aliasing and de-aliasing of IP
42 packets, intended for masquerading and network address translation (NAT).
45 in the process of IP masquerading and network address translation.
47 be aliased to appear as if they came from an accessible IP address.
48 Incoming packets are then de-aliased so that they are sent to the correct
52 In the simplest mode of operation, a many-to-one address mapping takes
55 In addition, one-to-one mappings between local and public addresses can
59 many-to-one mappings.
60 Also, a given public address and port can be statically redirected to a
61 private address/port.
69 function is called afterwards, to set the default aliasing address.
76 .Bd -ragged -offset indent
78 internal data structures.
88 .Bl -item -offset indent -compact
111 .Bd -ragged -offset indent
113 resources attached to internal data structures.
126 .Bd -ragged -offset indent
127 This function sets the source address to which outgoing packets from the
129 All outgoing packets are re-mapped to this address unless overridden by a
130 static address mapping established by
133 packet retains its source address.
138 link tables will be reset any time the aliasing address changes.
142 address may or may not change on successive dial-up attempts.
147 the aliasing address on a packet-to-packet basis (it is a low overhead call).
154 .Bd -ragged -offset indent
163 .Bl -tag -width indent
183 This mode bit is useful for implementing a one-way firewall.
185 If this mode bit is set, the packet-aliasing engine will attempt to leave
195 host address or unknown port number (e.g.\& an FTP data connection), this
202 originate from unregistered address spaces will be ignored.
205 10.0.0.0 -> 10.255.255.255 (Class A subnet)
206 172.16.0.0 -> 172.31.255.255 (Class B subnets)
207 192.168.0.0 -> 192.168.255.255 (Class C subnets)
217 100.64.0.0 -> 100.127.255.255 (RFC 6598 subnet)
221 is called to change the aliasing address, the internal link table of the
225 links where the interface address can sometimes change or remain the same
226 between dial-up attempts.
228 of an address change.
234 .Xr ipfirewall 4 -
236 The holes punched are bound by from/to IP address and port; it will not be
241 (e.g.\& kill -9),
251 to be fed with data that passes through the internal interface rather
269 .Sx NETWORK ADDRESS TRANSLATION
274 When this bit is set, UDP uses endpoint-independent mapping (EIM), as per
276 All packets from the same internal address:port are mapped to the same NAT
277 address:port, regardless of their destination address:port.
280 is unset, any other external address:port can
281 also send to the internal address:port through its mapped NAT address:port.
283 forwarding, but less scalable as each NAT address:port can only be
284 concurrently used by at most one internal address:port.
286 When this bit is unset, UDP packets use endpoint-dependent mapping (EDM)
288 Each connection from a particular internal address:port to different
290 address:port.
292 by port forwarding on the NAT, or tunnelling through an in-between server.
298 .Bd -ragged -offset indent
307 .Bd -ragged -offset indent
333 .Bd -ragged -offset indent
335 de-aliased by this function.
340 indicates the size of the data structure containing the packet and should
344 .Bl -tag -width indent
348 The packet was ignored and not de-aliased.
365 and de-alias them with
374 .Bd -ragged -offset indent
383 IP encoding protocols place address and port information in the encapsulated
384 data stream which has to be modified and can account for changes in packet
389 .Bl -tag -width indent
400 .Sh PORT AND ADDRESS REDIRECTION
404 Individual ports can be re-mapped or static network address translations can
418 .Bd -ragged -offset indent
419 This function specifies that traffic from a given remote address/port to
420 an alias address/port be redirected to a specified local address/port.
434 is zero, this indicates that the packet aliasing address as established
440 is called to change the address after
454 is zero, this indicates to redirect packets from any remote address.
459 The remote port specification will almost always be zero, but non-zero
463 overlap in their address/port specifications, then the most recent call
472 All port numbers should be in network address byte order, so it is necessary
479 data type.
488 .Bd -ragged -offset indent
502 is zero, this indicates that the packet aliasing address as established by
507 is called to change the address after
520 use the same aliasing address, all new incoming traffic to this aliasing
521 address will be redirected to the local address made in the last function
524 several function calls, will be aliased to the same address.
544 will have precedence over address mappings designated by
561 .Bd -ragged -offset indent
564 up for Load Sharing using IP Network Address Translation (RFC 2391, LSNAT).
566 A client attempts to access a server by using the server virtual address.
568 in the server pool, using a real-time load sharing algorithm.
577 host is selected on a round-robin basis only, without regard to load on
598 This function returns 0 on success, \-1 otherwise.
603 .Bd -ragged -offset indent
617 This function returns 0 on success, \-1 otherwise.
622 .Bd -ragged -offset indent
638 .Bd -ragged -offset indent
645 .Bl -tag -width indent
648 pass the original address and port information into the new destination
652 is specified, the original destination address and port are passed
656 is specified, the original destination address and port are passed
657 as the first piece of data in the TCP stream in the format
668 that the data is to be redirected to.
670 must be an IP address rather than a DNS host name.
699 If specified, only packets with a source address matching the given
711 If specified, only packets with a destination address matching the given
737 .Bd -ragged -offset indent
740 from a given remote address to an alias address will be
741 redirected to a specified local address.
747 is zero, this indicates that the packet aliasing address as established
753 is called to change the address after
759 is zero, this indicates to redirect packets from any remote address.
760 Non-zero remote addresses can sometimes be useful for firewalling.
764 overlap in their address specifications, then the most recent call
778 by changing the address according to any applicable mapping set by
780 or the default aliasing address set by
785 subsequent fragments will be re-mapped in the same manner the header
792 .Bd -ragged -offset indent
817 .Bd -ragged -offset indent
838 .Bd -ragged -offset indent
841 it can then be de-aliased with a call to
847 is the pointer to the packet to be de-aliased.
854 .Bd -ragged -offset indent
858 LibAliasSetAddress can change the address that is used.
860 for inbound (ext -> int) traffic.
865 .Bd -ragged -offset indent
866 When an incoming packet not associated with any pre-existing aliasing link
867 arrives at the host machine, it will be sent to the address indicated by a
873 address argument, then all new incoming packets go to the address set by
878 address argument, then all new incoming packets go to the address specified
886 .Bd -ragged -offset indent
890 protocol-specific headers (TCP, UDP, ICMP).
894 argument points to the data block to be checksummed, and
897 The 16-bit checksum field should be zeroed before computing the checksum.
899 Checksums can also be verified by operating on a block of data including
908 .Bd -ragged -offset indent
910 has its private address/port information restored by this function.
916 This function can be used if an already-aliased packet needs to have its
934 which is a 7-tuple describing a specific translation:
935 .Bd -literal -offset indent
940 Outgoing packets have the local address and port number replaced with the
941 alias address and port number.
955 quantities: alias address/port, remote address/port and protocol.
957 same aliasing IP address.
975 Aliasing links can be partially specified, meaning that the remote address
983 .Bd -literal -offset indent
987 The zeros denote unspecified components for the remote address and port.
994 In addition to aliasing links, there are also address mappings that can be
995 stored within the internal data table of the packet aliasing mechanism.
996 .Bd -literal -offset indent
1000 Address mappings are searched when creating new dynamic links.
1004 If an address mapping exists for the outgoing packet, this determines
1005 the alias address to be used.
1006 If no mapping exists, then a default address, usually the address of the
1008 If necessary, this default address can be changed as often as each individual
1024 the ability to load/unload support for new protocols at run-time.
1047 many different address spaces, etc.), we had to change a bit how to
1061 .Bd -literal -offset indent
1087 .Dl "kill -HUP <process_pid>"
1095 .Bd -literal
1111 .Bd -literal
1125 .Bl -inset
1171 .Bd -literal -offset indent
1177 &ud->uh_sport, /* original source port */
1178 &ud->uh_dport, /* original dest port */
1188 All data useful to a module are gathered together in an
1197 .Bl -tag -width indent
1243 .Bd -literal
1249 * dlopen() - use this ptr to get access
1257 .Bl -inset
1278 .Bd -literal
1316 .Bd -literal
1318 mod_handler(module_t mod, int type, void *data)
1345 .Bd -literal
1372 .Bl -enum
1398 .Bd -literal -offset indent
1431 .Bd -literal
1438 * ptr to an auto-malloced
1467 versions 1.0 - 1.8, 2.0 - 2.4.
1486 .Bd -ragged -offset indent
1487 .An -split