From a42134a70be89e902efa6dfd1484e21aa040acb0 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Mon, 23 Nov 1998 09:48:32 +0000 Subject: Update. 1998-11-21 Andreas Jaeger * sysdeps/unix/sysv/linux/netinet/ip_fw.h: Removed. There are too many differences between the Linux 2.0 and 2.1 versions of this file and it's too difficult to convert all calls. The file should only be needed by the ipfw program which has to take care of the correct kernel version and include files. * sysdeps/unix/sysv/linux/Dist: Remove netinet/ip_fw.h. * sysdeps/unix/sysv/linux/Makefile (sysdep_headers): Likewise. --- ChangeLog | 11 ++ FAQ.in | 8 ++ sysdeps/unix/sysv/linux/Dist | 1 - sysdeps/unix/sysv/linux/Makefile | 2 +- sysdeps/unix/sysv/linux/netinet/ip_fw.h | 209 -------------------------------- 5 files changed, 20 insertions(+), 211 deletions(-) delete mode 100644 sysdeps/unix/sysv/linux/netinet/ip_fw.h diff --git a/ChangeLog b/ChangeLog index 026c287897..3f67b989c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +1998-11-21 Andreas Jaeger + + * sysdeps/unix/sysv/linux/netinet/ip_fw.h: Removed. There are too + many differences between the Linux 2.0 and 2.1 versions of this + file and it's too difficult to convert all calls. The file should + only be needed by the ipfw program which has to take care of the + correct kernel version and include files. + + * sysdeps/unix/sysv/linux/Dist: Remove netinet/ip_fw.h. + * sysdeps/unix/sysv/linux/Makefile (sysdep_headers): Likewise. + 1998-11-23 Ulrich Drepper * Makeconfig: Don't read sysd-sorted unless sysd-dirs is read. diff --git a/FAQ.in b/FAQ.in index f80342bbe2..c15611d672 100644 --- a/FAQ.in +++ b/FAQ.in @@ -1094,6 +1094,14 @@ versions defined this but it was an error since it does not make much sense when thinking about it. The standards describing the System V IPC functions define it this way and therefore programs must be adopted. +?? Why has disappeared? + +{AJ} The corresponding Linux kernel data structures and constants are +totally different in Linux 2.0 and Linux 2.1. This situation has to be +taken care in user programs using the firewall structures and therefore +those programs (ipfw is AFAIK the only one) should deal with this problem +themselves. + ? Miscellaneous diff --git a/sysdeps/unix/sysv/linux/Dist b/sysdeps/unix/sysv/linux/Dist index 5573247711..f80585aee3 100644 --- a/sysdeps/unix/sysv/linux/Dist +++ b/sysdeps/unix/sysv/linux/Dist @@ -34,7 +34,6 @@ netinet/if_fddi.h netinet/if_tr.h netinet/igmp.h netinet/in_systm.h -netinet/ip_fw.h netlink/netlink.h netpacket/packet.h netipx/ipx.h diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 206bce4787..efd63faf2e 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -80,7 +80,7 @@ sysdep_headers += bits/pthreadtypes.h endif ifeq ($(subdir),inet) -sysdep_headers += sys/socketvar.h netinet/in_systm.h netinet/ip_fw.h \ +sysdep_headers += sys/socketvar.h netinet/in_systm.h \ netinet/if_fddi.h netinet/if_tr.h netinet/igmp.h \ netipx/ipx.h netash/ash.h netax25/ax25.h netatalk/at.h \ netrom/netrom.h netpacket/packet.h netrose/rose.h \ diff --git a/sysdeps/unix/sysv/linux/netinet/ip_fw.h b/sysdeps/unix/sysv/linux/netinet/ip_fw.h deleted file mode 100644 index 2139c37ba7..0000000000 --- a/sysdeps/unix/sysv/linux/netinet/ip_fw.h +++ /dev/null @@ -1,209 +0,0 @@ -/* Copyright (C) 1991, 92, 93, 95, 96, 97, 98 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public License as - published by the Free Software Foundation; either version 2 of the - License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with the GNU C Library; see the file COPYING.LIB. If not, - write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -/* This header file was taken from linux (2.1.26) sources and modified - * to work under GNU LIBC 2.0. - */ - -/* - * Copyright (c) 1993 Daniel Boulet - * Copyright (c) 1994 Ugen J.S.Antsilevich - * - * Redistribution and use in source forms, with and without modification, - * are permitted provided that this entire comment appears intact. - * - * Redistribution in binary form may occur without any restrictions. - * Obviously, it would be nice if you gave credit where credit is due - * but requiring it would be too onerous. - * - * This software is provided ``AS IS'' without any warranties of any kind. - */ - -/* - * Format of an IP firewall descriptor - * - * src, dst, src_mask, dst_mask are always stored in network byte order. - * flags and num_*_ports are stored in host byte order (of course). - * Port numbers are stored in HOST byte order. - */ - -#ifndef _NETINET_FW_H -#define _NETINET_FW_H - -#include -#include - -#include -#include -#include -#include -#include -#include - -__BEGIN_DECLS - -struct ip_fw { - struct ip_fw *fw_next; /* Next firewall on chain */ - struct in_addr fw_src, fw_dst; /* Source and destination IP addr */ - struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */ - struct in_addr fw_via; /* IP address of interface "via" */ - void *fw_viadev; /* device of interface "via" */ - u_int16_t fw_flg; /* Flags word */ - u_int16_t fw_nsp, fw_ndp; /* N'of src ports and # of dst ports */ - /* in ports array (dst ports follow */ - /* src ports; max of 10 ports in all;*/ - /* count of 0 means match all ports) */ -#define IP_FW_MAX_PORTS 10 /* A reasonable maximum */ - u_int16_t fw_pts[IP_FW_MAX_PORTS]; /* Array of port numbers to match */ - u_int32_t fw_pcnt, fw_bcnt; /* Packet and byte counters */ - u_int8_t fw_tosand, fw_tosxor; /* Revised packet priority */ - char fw_vianame[IFNAMSIZ]; /* name of interface "via" */ -}; - -/* - * Values for "flags" field . - */ - -#define IP_FW_F_ALL 0x0000 /* This is a universal packet firewall*/ -#define IP_FW_F_TCP 0x0001 /* This is a TCP packet firewall */ -#define IP_FW_F_UDP 0x0002 /* This is a UDP packet firewall */ -#define IP_FW_F_ICMP 0x0003 /* This is a ICMP packet firewall */ -#define IP_FW_F_KIND 0x0003 /* Mask to isolate firewall kind */ -#define IP_FW_F_ACCEPT 0x0004 /* This is an accept firewall (as * - * opposed to a deny firewall)* - * */ -#define IP_FW_F_SRNG 0x0008 /* The first two src ports are a min * - * and max range (stored in host byte * - * order). * - * */ -#define IP_FW_F_DRNG 0x0010 /* The first two dst ports are a min * - * and max range (stored in host byte * - * order). * - * (ports[0] <= port <= ports[1]) * - * */ -#define IP_FW_F_PRN 0x0020 /* In verbose mode print this firewall*/ -#define IP_FW_F_BIDIR 0x0040 /* For bidirectional firewalls */ -#define IP_FW_F_TCPSYN 0x0080 /* For tcp packets-check SYN only */ -#define IP_FW_F_ICMPRPL 0x0100 /* Send back icmp unreachable packet */ -#define IP_FW_F_MASQ 0x0200 /* Masquerading */ -#define IP_FW_F_TCPACK 0x0400 /* For tcp-packets match if ACK is set*/ -#define IP_FW_F_REDIR 0x0800 /* Redirect to local port fw_pts[n] */ -#define IP_FW_F_ACCTIN 0x1000 /* Account incoming packets only. */ -#define IP_FW_F_ACCTOUT 0x2000 /* Account outgoing packets only. */ - -#define IP_FW_F_MASK 0x3FFF /* All possible flag bits mask */ - -/* - * New IP firewall options for [gs]etsockopt at the RAW IP level. - * Unlike BSD Linux inherits IP options so you don't have to use - * a raw socket for this. Instead we check rights in the calls. - */ - -#define IP_FW_BASE_CTL 64 /* base for firewall socket options */ - -#define IP_FW_COMMAND 0x00FF /* mask for command without chain */ -#define IP_FW_TYPE 0x0300 /* mask for type (chain) */ -#define IP_FW_SHIFT 8 /* shift count for type (chain) */ - -#define IP_FW_FWD 0 -#define IP_FW_IN 1 -#define IP_FW_OUT 2 -#define IP_FW_ACCT 3 -#define IP_FW_CHAINS 4 /* total number of ip_fw chains */ -#define IP_FW_MASQ 5 - -#define IP_FW_INSERT (IP_FW_BASE_CTL) -#define IP_FW_APPEND (IP_FW_BASE_CTL+1) -#define IP_FW_DELETE (IP_FW_BASE_CTL+2) -#define IP_FW_FLUSH (IP_FW_BASE_CTL+3) -#define IP_FW_ZERO (IP_FW_BASE_CTL+4) -#define IP_FW_POLICY (IP_FW_BASE_CTL+5) -#define IP_FW_CHECK (IP_FW_BASE_CTL+6) -#define IP_FW_MASQ_TIMEOUTS (IP_FW_BASE_CTL+7) - -#define IP_FW_INSERT_FWD (IP_FW_INSERT | (IP_FW_FWD << IP_FW_SHIFT)) -#define IP_FW_APPEND_FWD (IP_FW_APPEND | (IP_FW_FWD << IP_FW_SHIFT)) -#define IP_FW_DELETE_FWD (IP_FW_DELETE | (IP_FW_FWD << IP_FW_SHIFT)) -#define IP_FW_FLUSH_FWD (IP_FW_FLUSH | (IP_FW_FWD << IP_FW_SHIFT)) -#define IP_FW_ZERO_FWD (IP_FW_ZERO | (IP_FW_FWD << IP_FW_SHIFT)) -#define IP_FW_POLICY_FWD (IP_FW_POLICY | (IP_FW_FWD << IP_FW_SHIFT)) -#define IP_FW_CHECK_FWD (IP_FW_CHECK | (IP_FW_FWD << IP_FW_SHIFT)) - -#define IP_FW_INSERT_IN (IP_FW_INSERT | (IP_FW_IN << IP_FW_SHIFT)) -#define IP_FW_APPEND_IN (IP_FW_APPEND | (IP_FW_IN << IP_FW_SHIFT)) -#define IP_FW_DELETE_IN (IP_FW_DELETE | (IP_FW_IN << IP_FW_SHIFT)) -#define IP_FW_FLUSH_IN (IP_FW_FLUSH | (IP_FW_IN << IP_FW_SHIFT)) -#define IP_FW_ZERO_IN (IP_FW_ZERO | (IP_FW_IN << IP_FW_SHIFT)) -#define IP_FW_POLICY_IN (IP_FW_POLICY | (IP_FW_IN << IP_FW_SHIFT)) -#define IP_FW_CHECK_IN (IP_FW_CHECK | (IP_FW_IN << IP_FW_SHIFT)) - -#define IP_FW_INSERT_OUT (IP_FW_INSERT | (IP_FW_OUT << IP_FW_SHIFT)) -#define IP_FW_APPEND_OUT (IP_FW_APPEND | (IP_FW_OUT << IP_FW_SHIFT)) -#define IP_FW_DELETE_OUT (IP_FW_DELETE | (IP_FW_OUT << IP_FW_SHIFT)) -#define IP_FW_FLUSH_OUT (IP_FW_FLUSH | (IP_FW_OUT << IP_FW_SHIFT)) -#define IP_FW_ZERO_OUT (IP_FW_ZERO | (IP_FW_OUT << IP_FW_SHIFT)) -#define IP_FW_POLICY_OUT (IP_FW_POLICY | (IP_FW_OUT << IP_FW_SHIFT)) -#define IP_FW_CHECK_OUT (IP_FW_CHECK | (IP_FW_OUT << IP_FW_SHIFT)) - -#define IP_ACCT_INSERT (IP_FW_INSERT | (IP_FW_ACCT << IP_FW_SHIFT)) -#define IP_ACCT_APPEND (IP_FW_APPEND | (IP_FW_ACCT << IP_FW_SHIFT)) -#define IP_ACCT_DELETE (IP_FW_DELETE | (IP_FW_ACCT << IP_FW_SHIFT)) -#define IP_ACCT_FLUSH (IP_FW_FLUSH | (IP_FW_ACCT << IP_FW_SHIFT)) -#define IP_ACCT_ZERO (IP_FW_ZERO | (IP_FW_ACCT << IP_FW_SHIFT)) - -#define IP_FW_MASQ_INSERT (IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT)) -#define IP_FW_MASQ_ADD (IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT)) -#define IP_FW_MASQ_DEL (IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT)) -#define IP_FW_MASQ_FLUSH (IP_FW_FLUSH | (IP_FW_MASQ << IP_FW_SHIFT)) - -struct ip_fwpkt -{ - struct iphdr fwp_iph; /* IP header */ - union { - struct tcphdr fwp_tcph; /* TCP header or */ - struct udphdr fwp_udph; /* UDP header */ - struct icmphdr fwp_icmph; /* ICMP header */ - } fwp_protoh; - struct in_addr fwp_via; /* interface address */ - char fwp_vianame[IFNAMSIZ]; /* interface name */ -}; - -#define IP_FW_MASQCTL_MAX 256 -#define IP_MASQ_MOD_NMAX 32 - -struct ip_fw_masqctl -{ - int mctl_action; - union { - struct { - char name[IP_MASQ_MOD_NMAX]; - char data[1]; - } mod; - } u; -}; - - -/* - * timeouts for ip masquerading - */ - -struct ip_fw_masq; - -__END_DECLS - -#endif /* _NETINET_IP_FW_H */ -- cgit v1.2.3-70-g09d2