1 /*-
2 * Copyright (c) 2008 Paolo Pisati
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/condvar.h>
33 #include <sys/eventhandler.h>
34 #include <sys/malloc.h>
35 #include <sys/mbuf.h>
36 #include <sys/kernel.h>
37 #include <sys/lock.h>
38 #include <sys/jail.h>
39 #include <sys/module.h>
40 #include <sys/priv.h>
41 #include <sys/proc.h>
42 #include <sys/rwlock.h>
43 #include <sys/socket.h>
44 #include <sys/socketvar.h>
45 #include <sys/sysctl.h>
46 #include <sys/syslog.h>
47 #include <sys/ucred.h>
48
49 #include <netinet/libalias/alias.h>
50 #include <netinet/libalias/alias_local.h>
51
52 #define IPFW_INTERNAL /* Access to protected data structures in ip_fw.h. */
53
54 #include <net/if.h>
55 #include <netinet/in.h>
56 #include <netinet/ip.h>
57 #include <netinet/ip_var.h>
58 #include <netinet/ip_icmp.h>
59 #include <netinet/ip_fw.h>
60 #include <netinet/tcp.h>
61 #include <netinet/tcp_timer.h>
62 #include <netinet/tcp_var.h>
63 #include <netinet/tcpip.h>
64 #include <netinet/udp.h>
65 #include <netinet/udp_var.h>
66
67 #include <machine/in_cksum.h> /* XXX for in_cksum */
68
69 MALLOC_DECLARE(M_IPFW);
70
71 extern struct ip_fw_chain layer3_chain;
72
73 static eventhandler_tag ifaddr_event_tag;
74
75 extern ipfw_nat_t *ipfw_nat_ptr;
76 extern ipfw_nat_cfg_t *ipfw_nat_cfg_ptr;
77 extern ipfw_nat_cfg_t *ipfw_nat_del_ptr;
78 extern ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr;
79 extern ipfw_nat_cfg_t *ipfw_nat_get_log_ptr;
80
81 static void
82 ifaddr_change(void *arg __unused, struct ifnet *ifp)
83 {
84 struct cfg_nat *ptr;
85 struct ifaddr *ifa;
86
87 IPFW_WLOCK(&layer3_chain);
88 /* Check every nat entry... */
89 LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
90 /* ...using nic 'ifp->if_xname' as dynamic alias address. */
91 if (strncmp(ptr->if_name, ifp->if_xname, IF_NAMESIZE) == 0) {
92 mtx_lock(&ifp->if_addr_mtx);
93 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
94 if (ifa->ifa_addr == NULL)
95 continue;
96 if (ifa->ifa_addr->sa_family != AF_INET)
97 continue;
98 ptr->ip = ((struct sockaddr_in *)
99 (ifa->ifa_addr))->sin_addr;
100 LibAliasSetAddress(ptr->lib, ptr->ip);
101 }
102 mtx_unlock(&ifp->if_addr_mtx);
103 }
104 }
105 IPFW_WUNLOCK(&layer3_chain);
106 }
107
108 static void
109 flush_nat_ptrs(const int i)
110 {
111 struct ip_fw *rule;
112
113 IPFW_WLOCK_ASSERT(&layer3_chain);
114 for (rule = layer3_chain.rules; rule; rule = rule->next) {
115 ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
116 if (cmd->o.opcode != O_NAT)
117 continue;
118 if (cmd->nat != NULL && cmd->nat->id == i)
119 cmd->nat = NULL;
120 }
121 }
122
123 #define HOOK_NAT(b, p) do { \
124 IPFW_WLOCK_ASSERT(&layer3_chain); \
125 LIST_INSERT_HEAD(b, p, _next); \
126 } while (0)
127
128 #define UNHOOK_NAT(p) do { \
129 IPFW_WLOCK_ASSERT(&layer3_chain); \
130 LIST_REMOVE(p, _next); \
131 } while (0)
132
133 #define HOOK_REDIR(b, p) do { \
134 LIST_INSERT_HEAD(b, p, _next); \
135 } while (0)
136
137 #define HOOK_SPOOL(b, p) do { \
138 LIST_INSERT_HEAD(b, p, _next); \
139 } while (0)
140
141 static void
142 del_redir_spool_cfg(struct cfg_nat *n, struct redir_chain *head)
143 {
144 struct cfg_redir *r, *tmp_r;
145 struct cfg_spool *s, *tmp_s;
146 int i, num;
147
148 LIST_FOREACH_SAFE(r, head, _next, tmp_r) {
149 num = 1; /* Number of alias_link to delete. */
150 switch (r->mode) {
151 case REDIR_PORT:
152 num = r->pport_cnt;
153 /* FALLTHROUGH */
154 case REDIR_ADDR:
155 case REDIR_PROTO:
156 /* Delete all libalias redirect entry. */
157 for (i = 0; i < num; i++)
158 LibAliasRedirectDelete(n->lib, r->alink[i]);
159 /* Del spool cfg if any. */
160 LIST_FOREACH_SAFE(s, &r->spool_chain, _next, tmp_s) {
161 LIST_REMOVE(s, _next);
162 free(s, M_IPFW);
163 }
164 free(r->alink, M_IPFW);
165 LIST_REMOVE(r, _next);
166 free(r, M_IPFW);
167 break;
168 default:
169 printf("unknown redirect mode: %u\n", r->mode);
170 /* XXX - panic?!?!? */
171 break;
172 }
173 }
174 }
175
176 static int
177 add_redir_spool_cfg(char *buf, struct cfg_nat *ptr)
178 {
179 struct cfg_redir *r, *ser_r;
180 struct cfg_spool *s, *ser_s;
181 int cnt, off, i;
182 char *panic_err;
183
184 for (cnt = 0, off = 0; cnt < ptr->redir_cnt; cnt++) {
185 ser_r = (struct cfg_redir *)&buf[off];
186 r = malloc(SOF_REDIR, M_IPFW, M_WAITOK | M_ZERO);
187 memcpy(r, ser_r, SOF_REDIR);
188 LIST_INIT(&r->spool_chain);
189 off += SOF_REDIR;
190 r->alink = malloc(sizeof(struct alias_link *) * r->pport_cnt,
191 M_IPFW, M_WAITOK | M_ZERO);
192 switch (r->mode) {
193 case REDIR_ADDR:
194 r->alink[0] = LibAliasRedirectAddr(ptr->lib, r->laddr,
195 r->paddr);
196 break;
197 case REDIR_PORT:
198 for (i = 0 ; i < r->pport_cnt; i++) {
199 /* If remotePort is all ports, set it to 0. */
200 u_short remotePortCopy = r->rport + i;
201 if (r->rport_cnt == 1 && r->rport == 0)
202 remotePortCopy = 0;
203 r->alink[i] = LibAliasRedirectPort(ptr->lib,
204 r->laddr, htons(r->lport + i), r->raddr,
205 htons(remotePortCopy), r->paddr,
206 htons(r->pport + i), r->proto);
207 if (r->alink[i] == NULL) {
208 r->alink[0] = NULL;
209 break;
210 }
211 }
212 break;
213 case REDIR_PROTO:
214 r->alink[0] = LibAliasRedirectProto(ptr->lib ,r->laddr,
215 r->raddr, r->paddr, r->proto);
216 break;
217 default:
218 printf("unknown redirect mode: %u\n", r->mode);
219 break;
220 }
221 if (r->alink[0] == NULL) {
222 panic_err = "LibAliasRedirect* returned NULL";
223 goto bad;
224 } else /* LSNAT handling. */
225 for (i = 0; i < r->spool_cnt; i++) {
226 ser_s = (struct cfg_spool *)&buf[off];
227 s = malloc(SOF_REDIR, M_IPFW,
228 M_WAITOK | M_ZERO);
229 memcpy(s, ser_s, SOF_SPOOL);
230 LibAliasAddServer(ptr->lib, r->alink[0],
231 s->addr, htons(s->port));
232 off += SOF_SPOOL;
233 /* Hook spool entry. */
234 HOOK_SPOOL(&r->spool_chain, s);
235 }
236 /* And finally hook this redir entry. */
237 HOOK_REDIR(&ptr->redir_chain, r);
238 }
239 return (1);
240 bad:
241 /* something really bad happened: panic! */
242 panic("%s\n", panic_err);
243 }
244
245 static int
246 ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
247 {
248 struct mbuf *mcl;
249 struct ip *ip;
250 /* XXX - libalias duct tape */
251 int ldt, retval;
252 char *c;
253
254 ldt = 0;
255 retval = 0;
256 if ((mcl = m_megapullup(m, m->m_pkthdr.len)) ==
257 NULL)
258 goto badnat;
259 ip = mtod(mcl, struct ip *);
260 if (args->eh == NULL) {
261 ip->ip_len = htons(ip->ip_len);
262 ip->ip_off = htons(ip->ip_off);
263 }
264
265 /*
266 * XXX - Libalias checksum offload 'duct tape':
267 *
268 * locally generated packets have only
269 * pseudo-header checksum calculated
270 * and libalias will screw it[1], so
271 * mark them for later fix. Moreover
272 * there are cases when libalias
273 * modify tcp packet data[2], mark it
274 * for later fix too.
275 *
276 * [1] libalias was never meant to run
277 * in kernel, so it doesn't have any
278 * knowledge about checksum
279 * offloading, and it expects a packet
280 * with a full internet
281 * checksum. Unfortunately, packets
282 * generated locally will have just the
283 * pseudo header calculated, and when
284 * libalias tries to adjust the
285 * checksum it will actually screw it.
286 *
287 * [2] when libalias modify tcp's data
288 * content, full TCP checksum has to
289 * be recomputed: the problem is that
290 * libalias doesn't have any idea
291 * about checksum offloading To
292 * workaround this, we do not do
293 * checksumming in LibAlias, but only
294 * mark the packets in th_x2 field. If
295 * we receive a marked packet, we
296 * calculate correct checksum for it
297 * aware of offloading. Why such a
298 * terrible hack instead of
299 * recalculating checksum for each
300 * packet? Because the previous
301 * checksum was not checked!
302 * Recalculating checksums for EVERY
303 * packet will hide ALL transmission
304 * errors. Yes, marked packets still
305 * suffer from this problem. But,
306 * sigh, natd(8) has this problem,
307 * too.
308 *
309 * TODO: -make libalias mbuf aware (so
310 * it can handle delayed checksum and tso)
311 */
312
313 if (mcl->m_pkthdr.rcvif == NULL &&
314 mcl->m_pkthdr.csum_flags &
315 CSUM_DELAY_DATA)
316 ldt = 1;
317
318 c = mtod(mcl, char *);
319 if (args->oif == NULL)
320 retval = LibAliasIn(t->lib, c,
321 mcl->m_len + M_TRAILINGSPACE(mcl));
322 else
323 retval = LibAliasOut(t->lib, c,
324 mcl->m_len + M_TRAILINGSPACE(mcl));
325 /*
326 * We drop packet when:
327 * 1. libalias returns PKT_ALIAS_ERROR;
328 * 2. For incoming packets:
329 * a) for unresolved fragments;
330 * b) libalias returns PKT_ALIAS_IGNORED and
331 * PKT_ALIAS_DENY_INCOMING flag is set.
332 */
333 if (retval == PKT_ALIAS_ERROR ||
334 (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
335 (retval == PKT_ALIAS_IGNORED &&
336 (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
337 /* XXX - should i add some logging? */
338 m_free(mcl);
339 badnat:
340 args->m = NULL;
341 return (IP_FW_DENY);
342 }
343 mcl->m_pkthdr.len = mcl->m_len =
344 ntohs(ip->ip_len);
345
346 /*
347 * XXX - libalias checksum offload
348 * 'duct tape' (see above)
349 */
350
351 if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
352 ip->ip_p == IPPROTO_TCP) {
353 struct tcphdr *th;
354
355 th = (struct tcphdr *)(ip + 1);
356 if (th->th_x2)
357 ldt = 1;
358 }
359
360 if (ldt) {
361 struct tcphdr *th;
362 struct udphdr *uh;
363 u_short cksum;
364
365 ip->ip_len = ntohs(ip->ip_len);
366 cksum = in_pseudo(
367 ip->ip_src.s_addr,
368 ip->ip_dst.s_addr,
369 htons(ip->ip_p + ip->ip_len - (ip->ip_hl << 2))
370 );
371
372 switch (ip->ip_p) {
373 case IPPROTO_TCP:
374 th = (struct tcphdr *)(ip + 1);
375 /*
376 * Maybe it was set in
377 * libalias...
378 */
379 th->th_x2 = 0;
380 th->th_sum = cksum;
381 mcl->m_pkthdr.csum_data =
382 offsetof(struct tcphdr, th_sum);
383 break;
384 case IPPROTO_UDP:
385 uh = (struct udphdr *)(ip + 1);
386 uh->uh_sum = cksum;
387 mcl->m_pkthdr.csum_data =
388 offsetof(struct udphdr, uh_sum);
389 break;
390 }
391 /*
392 * No hw checksum offloading: do it
393 * by ourself.
394 */
395 if ((mcl->m_pkthdr.csum_flags &
396 CSUM_DELAY_DATA) == 0) {
397 in_delayed_cksum(mcl);
398 mcl->m_pkthdr.csum_flags &=
399 ~CSUM_DELAY_DATA;
400 }
401 ip->ip_len = htons(ip->ip_len);
402 }
403
404 if (args->eh == NULL) {
405 ip->ip_len = ntohs(ip->ip_len);
406 ip->ip_off = ntohs(ip->ip_off);
407 }
408
409 args->m = mcl;
410 return (IP_FW_NAT);
411 }
412
413 static int
414 ipfw_nat_cfg(struct sockopt *sopt)
415 {
416 struct cfg_nat *ptr, *ser_n;
417 char *buf;
418
419 buf = malloc(NAT_BUF_LEN, M_IPFW, M_WAITOK | M_ZERO);
420 sooptcopyin(sopt, buf, NAT_BUF_LEN,
421 sizeof(struct cfg_nat));
422 ser_n = (struct cfg_nat *)buf;
423
424 /*
425 * Find/create nat rule.
426 */
427 IPFW_WLOCK(&layer3_chain);
428 LOOKUP_NAT(layer3_chain, ser_n->id, ptr);
429 if (ptr == NULL) {
430 /* New rule: allocate and init new instance. */
431 ptr = malloc(sizeof(struct cfg_nat),
432 M_IPFW, M_NOWAIT | M_ZERO);
433 if (ptr == NULL) {
434 IPFW_WUNLOCK(&layer3_chain);
435 free(buf, M_IPFW);
436 return (ENOSPC);
437 }
438 ptr->lib = LibAliasInit(NULL);
439 if (ptr->lib == NULL) {
440 IPFW_WUNLOCK(&layer3_chain);
441 free(ptr, M_IPFW);
442 free(buf, M_IPFW);
443 return (EINVAL);
444 }
445 LIST_INIT(&ptr->redir_chain);
446 } else {
447 /* Entry already present: temporarly unhook it. */
448 UNHOOK_NAT(ptr);
449 flush_nat_ptrs(ser_n->id);
450 }
451 IPFW_WUNLOCK(&layer3_chain);
452
453 /*
454 * Basic nat configuration.
455 */
456 ptr->id = ser_n->id;
457 /*
458 * XXX - what if this rule doesn't nat any ip and just
459 * redirect?
460 * do we set aliasaddress to 0.0.0.0?
461 */
462 ptr->ip = ser_n->ip;
463 ptr->redir_cnt = ser_n->redir_cnt;
464 ptr->mode = ser_n->mode;
465 LibAliasSetMode(ptr->lib, ser_n->mode, ser_n->mode);
466 LibAliasSetAddress(ptr->lib, ptr->ip);
467 memcpy(ptr->if_name, ser_n->if_name, IF_NAMESIZE);
468
469 /*
470 * Redir and LSNAT configuration.
471 */
472 /* Delete old cfgs. */
473 del_redir_spool_cfg(ptr, &ptr->redir_chain);
474 /* Add new entries. */
475 add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr);
476 free(buf, M_IPFW);
477 IPFW_WLOCK(&layer3_chain);
478 HOOK_NAT(&layer3_chain.nat, ptr);
479 IPFW_WUNLOCK(&layer3_chain);
480 return (0);
481 }
482
483 static int
484 ipfw_nat_del(struct sockopt *sopt)
485 {
486 struct cfg_nat *ptr;
487 int i;
488
489 sooptcopyin(sopt, &i, sizeof i, sizeof i);
490 IPFW_WLOCK(&layer3_chain);
491 LOOKUP_NAT(layer3_chain, i, ptr);
492 if (ptr == NULL) {
493 IPFW_WUNLOCK(&layer3_chain);
494 return (EINVAL);
495 }
496 UNHOOK_NAT(ptr);
497 flush_nat_ptrs(i);
498 IPFW_WUNLOCK(&layer3_chain);
499 del_redir_spool_cfg(ptr, &ptr->redir_chain);
500 LibAliasUninit(ptr->lib);
501 free(ptr, M_IPFW);
502 return (0);
503 }
504
505 static int
506 ipfw_nat_get_cfg(struct sockopt *sopt)
507 {
508 uint8_t *data;
509 struct cfg_nat *n;
510 struct cfg_redir *r;
511 struct cfg_spool *s;
512 int nat_cnt, off;
513
514 nat_cnt = 0;
515 off = sizeof(nat_cnt);
516
517 data = malloc(NAT_BUF_LEN, M_IPFW, M_WAITOK | M_ZERO);
518 IPFW_RLOCK(&layer3_chain);
519 /* Serialize all the data. */
520 LIST_FOREACH(n, &layer3_chain.nat, _next) {
521 nat_cnt++;
522 if (off + SOF_NAT < NAT_BUF_LEN) {
523 bcopy(n, &data[off], SOF_NAT);
524 off += SOF_NAT;
525 LIST_FOREACH(r, &n->redir_chain, _next) {
526 if (off + SOF_REDIR < NAT_BUF_LEN) {
527 bcopy(r, &data[off],
528 SOF_REDIR);
529 off += SOF_REDIR;
530 LIST_FOREACH(s, &r->spool_chain,
531 _next) {
532 if (off + SOF_SPOOL <
533 NAT_BUF_LEN) {
534 bcopy(s, &data[off],
535 SOF_SPOOL);
536 off += SOF_SPOOL;
537 } else
538 goto nospace;
539 }
540 } else
541 goto nospace;
542 }
543 } else
544 goto nospace;
545 }
546 bcopy(&nat_cnt, data, sizeof(nat_cnt));
547 IPFW_RUNLOCK(&layer3_chain);
548 sooptcopyout(sopt, data, NAT_BUF_LEN);
549 free(data, M_IPFW);
550 return (0);
551 nospace:
552 IPFW_RUNLOCK(&layer3_chain);
553 printf("serialized data buffer not big enough:"
554 "please increase NAT_BUF_LEN\n");
555 free(data, M_IPFW);
556 return (ENOSPC);
557 }
558
559 static int
560 ipfw_nat_get_log(struct sockopt *sopt)
561 {
562 uint8_t *data;
563 struct cfg_nat *ptr;
564 int i, size, cnt, sof;
565
566 data = NULL;
567 sof = LIBALIAS_BUF_SIZE;
568 cnt = 0;
569
570 IPFW_RLOCK(&layer3_chain);
571 size = i = 0;
572 LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
573 if (ptr->lib->logDesc == NULL)
574 continue;
575 cnt++;
576 size = cnt * (sof + sizeof(int));
577 data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);
578 if (data == NULL) {
579 IPFW_RUNLOCK(&layer3_chain);
580 return (ENOSPC);
581 }
582 bcopy(&ptr->id, &data[i], sizeof(int));
583 i += sizeof(int);
584 bcopy(ptr->lib->logDesc, &data[i], sof);
585 i += sof;
586 }
587 IPFW_RUNLOCK(&layer3_chain);
588 sooptcopyout(sopt, data, size);
589 free(data, M_IPFW);
590 return(0);
591 }
592
593 static void
594 ipfw_nat_init(void)
595 {
596
597 IPFW_WLOCK(&layer3_chain);
598 /* init ipfw hooks */
599 ipfw_nat_ptr = ipfw_nat;
600 ipfw_nat_cfg_ptr = ipfw_nat_cfg;
601 ipfw_nat_del_ptr = ipfw_nat_del;
602 ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg;
603 ipfw_nat_get_log_ptr = ipfw_nat_get_log;
604 IPFW_WUNLOCK(&layer3_chain);
605 ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change,
606 NULL, EVENTHANDLER_PRI_ANY);
607 }
608
609 static void
610 ipfw_nat_destroy(void)
611 {
612 struct ip_fw *rule;
613 struct cfg_nat *ptr, *ptr_temp;
614
615 IPFW_WLOCK(&layer3_chain);
616 LIST_FOREACH_SAFE(ptr, &layer3_chain.nat, _next, ptr_temp) {
617 LIST_REMOVE(ptr, _next);
618 del_redir_spool_cfg(ptr, &ptr->redir_chain);
619 LibAliasUninit(ptr->lib);
620 free(ptr, M_IPFW);
621 }
622 EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);
623 /* flush all nat ptrs */
624 for (rule = layer3_chain.rules; rule; rule = rule->next) {
625 ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
626 if (cmd->o.opcode == O_NAT)
627 cmd->nat = NULL;
628 }
629 /* deregister ipfw_nat */
630 ipfw_nat_ptr = NULL;
631 IPFW_WUNLOCK(&layer3_chain);
632 }
633
634 static int
635 ipfw_nat_modevent(module_t mod, int type, void *unused)
636 {
637 int err = 0;
638
639 switch (type) {
640 case MOD_LOAD:
641 ipfw_nat_init();
642 break;
643
644 case MOD_UNLOAD:
645 ipfw_nat_destroy();
646 break;
647
648 default:
649 return EOPNOTSUPP;
650 break;
651 }
652 return err;
653 }
654
655 static moduledata_t ipfw_nat_mod = {
656 "ipfw_nat",
657 ipfw_nat_modevent,
658 0
659 };
660
661 DECLARE_MODULE(ipfw_nat, ipfw_nat_mod, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY);
662 MODULE_DEPEND(ipfw_nat, libalias, 1, 1, 1);
663 MODULE_DEPEND(ipfw_nat, ipfw, 2, 2, 2);
664 MODULE_VERSION(ipfw_nat, 1);
Cache object: 762a05b859e749c6fbca27a978eadb5d
|