aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog11
-rw-r--r--FAQ.in8
-rw-r--r--sysdeps/unix/sysv/linux/Dist1
-rw-r--r--sysdeps/unix/sysv/linux/Makefile2
-rw-r--r--sysdeps/unix/sysv/linux/netinet/ip_fw.h209
5 files changed, 20 insertions, 211 deletions
diff --git a/ChangeLog b/ChangeLog
index 026c287897..3f67b989c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+1998-11-21 Andreas Jaeger <aj@arthur.rhein-neckar.de>
+
+ * sysdeps/unix/sysv/linux/netinet/ip_fw.h: Removed. There are too
+ many differences between the Linux 2.0 and 2.1 versions of this
+ file and it's too difficult to convert all calls. The file should
+ only be needed by the ipfw program which has to take care of the
+ correct kernel version and include files.
+
+ * sysdeps/unix/sysv/linux/Dist: Remove netinet/ip_fw.h.
+ * sysdeps/unix/sysv/linux/Makefile (sysdep_headers): Likewise.
+
1998-11-23 Ulrich Drepper <drepper@cygnus.com>
* Makeconfig: Don't read sysd-sorted unless sysd-dirs is read.
diff --git a/FAQ.in b/FAQ.in
index f80342bbe2..c15611d672 100644
--- a/FAQ.in
+++ b/FAQ.in
@@ -1094,6 +1094,14 @@ versions defined this but it was an error since it does not make much sense
when thinking about it. The standards describing the System V IPC functions
define it this way and therefore programs must be adopted.
+?? Why has <netinet/ip_fw.h> disappeared?
+
+{AJ} The corresponding Linux kernel data structures and constants are
+totally different in Linux 2.0 and Linux 2.1. This situation has to be
+taken care in user programs using the firewall structures and therefore
+those programs (ipfw is AFAIK the only one) should deal with this problem
+themselves.
+
? Miscellaneous
diff --git a/sysdeps/unix/sysv/linux/Dist b/sysdeps/unix/sysv/linux/Dist
index 5573247711..f80585aee3 100644
--- a/sysdeps/unix/sysv/linux/Dist
+++ b/sysdeps/unix/sysv/linux/Dist
@@ -34,7 +34,6 @@ netinet/if_fddi.h
netinet/if_tr.h
netinet/igmp.h
netinet/in_systm.h
-netinet/ip_fw.h
netlink/netlink.h
netpacket/packet.h
netipx/ipx.h
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 206bce4787..efd63faf2e 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -80,7 +80,7 @@ sysdep_headers += bits/pthreadtypes.h
endif
ifeq ($(subdir),inet)
-sysdep_headers += sys/socketvar.h netinet/in_systm.h netinet/ip_fw.h \
+sysdep_headers += sys/socketvar.h netinet/in_systm.h \
netinet/if_fddi.h netinet/if_tr.h netinet/igmp.h \
netipx/ipx.h netash/ash.h netax25/ax25.h netatalk/at.h \
netrom/netrom.h netpacket/packet.h netrose/rose.h \
diff --git a/sysdeps/unix/sysv/linux/netinet/ip_fw.h b/sysdeps/unix/sysv/linux/netinet/ip_fw.h
deleted file mode 100644
index 2139c37ba7..0000000000
--- a/sysdeps/unix/sysv/linux/netinet/ip_fw.h
+++ /dev/null
@@ -1,209 +0,0 @@
-/* Copyright (C) 1991, 92, 93, 95, 96, 97, 98 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the GNU C Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA. */
-
-/* This header file was taken from linux (2.1.26) sources and modified
- * to work under GNU LIBC 2.0.
- */
-
-/*
- * Copyright (c) 1993 Daniel Boulet
- * Copyright (c) 1994 Ugen J.S.Antsilevich
- *
- * Redistribution and use in source forms, with and without modification,
- * are permitted provided that this entire comment appears intact.
- *
- * Redistribution in binary form may occur without any restrictions.
- * Obviously, it would be nice if you gave credit where credit is due
- * but requiring it would be too onerous.
- *
- * This software is provided ``AS IS'' without any warranties of any kind.
- */
-
-/*
- * Format of an IP firewall descriptor
- *
- * src, dst, src_mask, dst_mask are always stored in network byte order.
- * flags and num_*_ports are stored in host byte order (of course).
- * Port numbers are stored in HOST byte order.
- */
-
-#ifndef _NETINET_FW_H
-#define _NETINET_FW_H
-
-#include <sys/cdefs.h>
-#include <sys/types.h>
-
-#include <netinet/ip_icmp.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <net/if.h>
-
-__BEGIN_DECLS
-
-struct ip_fw {
- struct ip_fw *fw_next; /* Next firewall on chain */
- struct in_addr fw_src, fw_dst; /* Source and destination IP addr */
- struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */
- struct in_addr fw_via; /* IP address of interface "via" */
- void *fw_viadev; /* device of interface "via" */
- u_int16_t fw_flg; /* Flags word */
- u_int16_t fw_nsp, fw_ndp; /* N'of src ports and # of dst ports */
- /* in ports array (dst ports follow */
- /* src ports; max of 10 ports in all;*/
- /* count of 0 means match all ports) */
-#define IP_FW_MAX_PORTS 10 /* A reasonable maximum */
- u_int16_t fw_pts[IP_FW_MAX_PORTS]; /* Array of port numbers to match */
- u_int32_t fw_pcnt, fw_bcnt; /* Packet and byte counters */
- u_int8_t fw_tosand, fw_tosxor; /* Revised packet priority */
- char fw_vianame[IFNAMSIZ]; /* name of interface "via" */
-};
-
-/*
- * Values for "flags" field .
- */
-
-#define IP_FW_F_ALL 0x0000 /* This is a universal packet firewall*/
-#define IP_FW_F_TCP 0x0001 /* This is a TCP packet firewall */
-#define IP_FW_F_UDP 0x0002 /* This is a UDP packet firewall */
-#define IP_FW_F_ICMP 0x0003 /* This is a ICMP packet firewall */
-#define IP_FW_F_KIND 0x0003 /* Mask to isolate firewall kind */
-#define IP_FW_F_ACCEPT 0x0004 /* This is an accept firewall (as *
- * opposed to a deny firewall)*
- * */
-#define IP_FW_F_SRNG 0x0008 /* The first two src ports are a min *
- * and max range (stored in host byte *
- * order). *
- * */
-#define IP_FW_F_DRNG 0x0010 /* The first two dst ports are a min *
- * and max range (stored in host byte *
- * order). *
- * (ports[0] <= port <= ports[1]) *
- * */
-#define IP_FW_F_PRN 0x0020 /* In verbose mode print this firewall*/
-#define IP_FW_F_BIDIR 0x0040 /* For bidirectional firewalls */
-#define IP_FW_F_TCPSYN 0x0080 /* For tcp packets-check SYN only */
-#define IP_FW_F_ICMPRPL 0x0100 /* Send back icmp unreachable packet */
-#define IP_FW_F_MASQ 0x0200 /* Masquerading */
-#define IP_FW_F_TCPACK 0x0400 /* For tcp-packets match if ACK is set*/
-#define IP_FW_F_REDIR 0x0800 /* Redirect to local port fw_pts[n] */
-#define IP_FW_F_ACCTIN 0x1000 /* Account incoming packets only. */
-#define IP_FW_F_ACCTOUT 0x2000 /* Account outgoing packets only. */
-
-#define IP_FW_F_MASK 0x3FFF /* All possible flag bits mask */
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use
- * a raw socket for this. Instead we check rights in the calls.
- */
-
-#define IP_FW_BASE_CTL 64 /* base for firewall socket options */
-
-#define IP_FW_COMMAND 0x00FF /* mask for command without chain */
-#define IP_FW_TYPE 0x0300 /* mask for type (chain) */
-#define IP_FW_SHIFT 8 /* shift count for type (chain) */
-
-#define IP_FW_FWD 0
-#define IP_FW_IN 1
-#define IP_FW_OUT 2
-#define IP_FW_ACCT 3
-#define IP_FW_CHAINS 4 /* total number of ip_fw chains */
-#define IP_FW_MASQ 5
-
-#define IP_FW_INSERT (IP_FW_BASE_CTL)
-#define IP_FW_APPEND (IP_FW_BASE_CTL+1)
-#define IP_FW_DELETE (IP_FW_BASE_CTL+2)
-#define IP_FW_FLUSH (IP_FW_BASE_CTL+3)
-#define IP_FW_ZERO (IP_FW_BASE_CTL+4)
-#define IP_FW_POLICY (IP_FW_BASE_CTL+5)
-#define IP_FW_CHECK (IP_FW_BASE_CTL+6)
-#define IP_FW_MASQ_TIMEOUTS (IP_FW_BASE_CTL+7)
-
-#define IP_FW_INSERT_FWD (IP_FW_INSERT | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_APPEND_FWD (IP_FW_APPEND | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_DELETE_FWD (IP_FW_DELETE | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_FLUSH_FWD (IP_FW_FLUSH | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_ZERO_FWD (IP_FW_ZERO | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_POLICY_FWD (IP_FW_POLICY | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_CHECK_FWD (IP_FW_CHECK | (IP_FW_FWD << IP_FW_SHIFT))
-
-#define IP_FW_INSERT_IN (IP_FW_INSERT | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_APPEND_IN (IP_FW_APPEND | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_DELETE_IN (IP_FW_DELETE | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_FLUSH_IN (IP_FW_FLUSH | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_ZERO_IN (IP_FW_ZERO | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_POLICY_IN (IP_FW_POLICY | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_CHECK_IN (IP_FW_CHECK | (IP_FW_IN << IP_FW_SHIFT))
-
-#define IP_FW_INSERT_OUT (IP_FW_INSERT | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_APPEND_OUT (IP_FW_APPEND | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_DELETE_OUT (IP_FW_DELETE | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_FLUSH_OUT (IP_FW_FLUSH | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_ZERO_OUT (IP_FW_ZERO | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_POLICY_OUT (IP_FW_POLICY | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_CHECK_OUT (IP_FW_CHECK | (IP_FW_OUT << IP_FW_SHIFT))
-
-#define IP_ACCT_INSERT (IP_FW_INSERT | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_APPEND (IP_FW_APPEND | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_DELETE (IP_FW_DELETE | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_FLUSH (IP_FW_FLUSH | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_ZERO (IP_FW_ZERO | (IP_FW_ACCT << IP_FW_SHIFT))
-
-#define IP_FW_MASQ_INSERT (IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT))
-#define IP_FW_MASQ_ADD (IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT))
-#define IP_FW_MASQ_DEL (IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT))
-#define IP_FW_MASQ_FLUSH (IP_FW_FLUSH | (IP_FW_MASQ << IP_FW_SHIFT))
-
-struct ip_fwpkt
-{
- struct iphdr fwp_iph; /* IP header */
- union {
- struct tcphdr fwp_tcph; /* TCP header or */
- struct udphdr fwp_udph; /* UDP header */
- struct icmphdr fwp_icmph; /* ICMP header */
- } fwp_protoh;
- struct in_addr fwp_via; /* interface address */
- char fwp_vianame[IFNAMSIZ]; /* interface name */
-};
-
-#define IP_FW_MASQCTL_MAX 256
-#define IP_MASQ_MOD_NMAX 32
-
-struct ip_fw_masqctl
-{
- int mctl_action;
- union {
- struct {
- char name[IP_MASQ_MOD_NMAX];
- char data[1];
- } mod;
- } u;
-};
-
-
-/*
- * timeouts for ip masquerading
- */
-
-struct ip_fw_masq;
-
-__END_DECLS
-
-#endif /* _NETINET_IP_FW_H */