ng_nat: proof of concept

From: Gleb Smirnoff <glebius_at_freebsd.org>
Date: Thu, 10 Feb 2005 13:07:15 +0300
[pls, remove current_at_freebsd.org from Cc, when replying]

  Colleagues,

  I'm glad to announce a new and VERY immature node - ng_nat. Actually it is just
a proof of concept, not ready for any practical usage. ng_nat is a netgraph
node, performing NAT. It works using libalias(3) ported to the kernel, that's why
it is going to have the same functionality as good old natd(8). But it will work
in netgraph, in the kernel.

The node has two hooks - "in" and "out". Packets to be masqueraded should be
sent to the "out" hook, packets to be demasqueraded should be sent to the "in" hook.

Here is a sample P.O.C. setup, which is working:

kldload ng_ipfw
ipfw add 30 netgraph 60 ip from 192.168.0.1 to ${some_host} out via ng1
ipfw add 31 netgraph 61 ip from ${some_host} to ${oif} in via ng1
kldload libalias
kldload ng_nat

ngctl mkpeer ipfw: nat 60 out
ngctl name ipfw:60 nat
ngctl connect ipfw: nat: 61 in
ngctl msg nat: setaliasaddr ${oif}

[on 192.168.0.1 host]

ping ${some_host}

And it works! :)

Well, it is not yet time to call for testers, but patches are already shared.
First, the kernel alias library needs to be built.

cd /usr/src/lib/libalias
fetch http://people.freebsd.org/~glebius/totest/ng_nat/libalias-kernel.diff
patch < libalias-kernel.diff
cd /usr/src/sys/modules
mkdir libalias
cd libalias
fetch http://people.freebsd.org/~glebius/totest/ng_nat/Makefile
make
make install

Then the ng_nat module can be built:

cd /usr/src/sys/netgraph
fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat.c
fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat.h
cd /usr/src/sys/modules/netgraph
mkdir nat
cd nat
fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat/Makefile
make
make install

The snapshots at http://people.freebsd.org/~glebius/totest/ng_nat are going to
be updated several times per week.

Comments are welcome. I'd especially be glad for criticism and advice concerning
clean porting of libalias to the kernel. Making ifdefs and defines nicer, etc.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
Received on Thu Feb 10 2005 - 09:07:22 UTC
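
The build steps in the message fetch a kernel patch and sources over plain HTTP and apply them under /usr/src. As an added example (not part of the original message and not the author's code), here is a fetch wrapper that installs a file only when its SHA-256 matches a digest obtained out of band. The function names and the trusted digest source are assumptions, since the post publishes no checksums.

```sh
#!/bin/sh
# Added example, not part of the original message.
# Assumption: the expected SHA-256 digests come from the author over a
# separate trusted channel; the post itself publishes none.

# Print the SHA-256 hex digest of a file (FreeBSD sha256(1), else sha256sum).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Return 0 only when the file's digest equals the expected one.
verify_sha256() {
    file=$1; expected=$2
    [ -f "$file" ] || return 2
    # A SHA-256 digest is exactly 64 hex characters; reject placeholders.
    case $expected in
        *[!0-9a-fA-F]*|"") return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256_of "$file") || return 4
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Download to a temporary name, verify, and only then move into place.
fetch_verified() {
    url=$1; expected=$2; dest=$3
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if fetch -o "$tmp" "$url" && verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing $url: download failed or digest mismatch" >&2
        return 1
    fi
}

# Usage on the build host (the digest is a placeholder to be replaced):
#   cd /usr/src/lib/libalias
#   fetch_verified http://people.freebsd.org/~glebius/totest/ng_nat/libalias-kernel.diff \
#       "<sha256-from-trusted-channel>" libalias-kernel.diff && patch < libalias-kernel.diff
```

Because the snapshots are said to change several times per week, a pinned digest will stop matching after each update and has to be refreshed from the same trusted source.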
