Message-Id: <200612292159.kBTLxITF046966@repoman.freebsd.org>
From: Paolo Pisati
Date: Fri, 29 Dec 2006 21:59:18 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/etc rc.firewall src/sbin/ipfw ipfw.8 ipfw2.c src/sys/netinet in.h ip_fw.h ip_fw2.c ip_fw_pfil.c raw_ip.c

piso        2006-12-29 21:59:18 UTC

  FreeBSD src repository

  Modified files:
    etc                  rc.firewall
    sbin/ipfw            ipfw.8 ipfw2.c
    sys/netinet          in.h ip_fw.h ip_fw2.c ip_fw_pfil.c raw_ip.c
  Log:
  Summer of Code 2005: improve libalias - part 2 of 2

  With the second (and last) part of my previous Summer of Code work, we get:

  -ipfw's in kernel nat

  -redirect_* and LSNAT support

  General information about nat syntax and some examples are available
  in the ipfw(8) man page. The redirect and LSNAT syntax are identical
  to natd, so please refer to natd(8) man page.

  To enable in kernel nat in rc.conf, two options were added:

  o firewall_nat_enable: equivalent to natd_enable

  o firewall_nat_interface: equivalent to natd_interface

  Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
  to continue being checked by the firewall ruleset after being
  (de)aliased.

  NOTA BENE: due to some problems with libalias architecture, in kernel
  nat won't work with TSO enabled nic, thus you have to disable TSO via
  ifconfig (ifconfig foo0 -tso).

  Approved by: glebius (mentor)

  Revision  Changes    Path
  1.50      +8 -0      src/etc/rc.firewall
  1.198     +114 -0    src/sbin/ipfw/ipfw.8
  1.100     +908 -9    src/sbin/ipfw/ipfw2.c
  1.97      +5 -0      src/sys/netinet/in.h
  1.109     +60 -0     src/sys/netinet/ip_fw.h
  1.156     +546 -2    src/sys/netinet/ip_fw2.c
  1.24      +6 -0      src/sys/netinet/ip_fw_pfil.c
  1.169     +4 -0      src/sys/netinet/raw_ip.c