about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog11
-rw-r--r--FAQ.in8
-rw-r--r--sysdeps/unix/sysv/linux/Dist1
-rw-r--r--sysdeps/unix/sysv/linux/Makefile2
-rw-r--r--sysdeps/unix/sysv/linux/netinet/ip_fw.h209
5 files changed, 20 insertions, 211 deletions
diff --git a/ChangeLog b/ChangeLog
index 026c287897..3f67b989c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+1998-11-21  Andreas Jaeger  <aj@arthur.rhein-neckar.de>
+
+	* sysdeps/unix/sysv/linux/netinet/ip_fw.h: Removed.  There are too
+	many differences between the Linux 2.0 and 2.1 versions of this
+	file and it's too difficult to convert all calls.  The file should
+	only be needed by the ipfw program which has to take care of the
+	correct kernel version and include files.
+
+	* sysdeps/unix/sysv/linux/Dist: Remove netinet/ip_fw.h.
+	* sysdeps/unix/sysv/linux/Makefile (sysdep_headers): Likewise.
+
 1998-11-23  Ulrich Drepper  <drepper@cygnus.com>
 
 	* Makeconfig: Don't read sysd-sorted unless sysd-dirs is read.
diff --git a/FAQ.in b/FAQ.in
index f80342bbe2..c15611d672 100644
--- a/FAQ.in
+++ b/FAQ.in
@@ -1094,6 +1094,14 @@ versions defined this but it was an error since it does not make much sense
 when thinking about it.  The standards describing the System V IPC functions
 define it this way and therefore programs must be adopted.
 
+??	Why has <netinet/ip_fw.h> disappeared?
+
+{AJ} The corresponding Linux kernel data structures and constants are
+totally different in Linux 2.0 and Linux 2.1.  This situation has to be
+taken care in user programs using the firewall structures and therefore
+those programs (ipfw is AFAIK the only one) should deal with this problem
+themselves.
+
 
 ? Miscellaneous
 
diff --git a/sysdeps/unix/sysv/linux/Dist b/sysdeps/unix/sysv/linux/Dist
index 5573247711..f80585aee3 100644
--- a/sysdeps/unix/sysv/linux/Dist
+++ b/sysdeps/unix/sysv/linux/Dist
@@ -34,7 +34,6 @@ netinet/if_fddi.h
 netinet/if_tr.h
 netinet/igmp.h
 netinet/in_systm.h
-netinet/ip_fw.h
 netlink/netlink.h
 netpacket/packet.h
 netipx/ipx.h
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 206bce4787..efd63faf2e 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -80,7 +80,7 @@ sysdep_headers += bits/pthreadtypes.h
 endif
 
 ifeq ($(subdir),inet)
-sysdep_headers += sys/socketvar.h netinet/in_systm.h netinet/ip_fw.h \
+sysdep_headers += sys/socketvar.h netinet/in_systm.h \
 		  netinet/if_fddi.h netinet/if_tr.h netinet/igmp.h \
 		  netipx/ipx.h netash/ash.h netax25/ax25.h netatalk/at.h \
 		  netrom/netrom.h netpacket/packet.h netrose/rose.h \
diff --git a/sysdeps/unix/sysv/linux/netinet/ip_fw.h b/sysdeps/unix/sysv/linux/netinet/ip_fw.h
deleted file mode 100644
index 2139c37ba7..0000000000
--- a/sysdeps/unix/sysv/linux/netinet/ip_fw.h
+++ /dev/null
@@ -1,209 +0,0 @@
-/* Copyright (C) 1991, 92, 93, 95, 96, 97, 98 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Library General Public License as
-   published by the Free Software Foundation; either version 2 of the
-   License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Library General Public License for more details.
-
-   You should have received a copy of the GNU Library General Public
-   License along with the GNU C Library; see the file COPYING.LIB.  If not,
-   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-   Boston, MA 02111-1307, USA.  */
-
-/* This header file was taken from linux (2.1.26) sources and modified
- * to work under GNU LIBC 2.0.
- */
-
-/*
- * Copyright (c) 1993 Daniel Boulet
- * Copyright (c) 1994 Ugen J.S.Antsilevich
- *
- * Redistribution and use in source forms, with and without modification,
- * are permitted provided that this entire comment appears intact.
- *
- * Redistribution in binary form may occur without any restrictions.
- * Obviously, it would be nice if you gave credit where credit is due
- * but requiring it would be too onerous.
- *
- * This software is provided ``AS IS'' without any warranties of any kind.
- */
-
-/*
- * 	Format of an IP firewall descriptor
- *
- * 	src, dst, src_mask, dst_mask are always stored in network byte order.
- * 	flags and num_*_ports are stored in host byte order (of course).
- * 	Port numbers are stored in HOST byte order.
- */
-
-#ifndef _NETINET_FW_H
-#define _NETINET_FW_H
-
-#include <sys/cdefs.h>
-#include <sys/types.h>
-
-#include <netinet/ip_icmp.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <net/if.h>
-
-__BEGIN_DECLS
-
-struct ip_fw {
-  struct ip_fw  *fw_next;		/* Next firewall on chain */
-  struct in_addr fw_src, fw_dst;	/* Source and destination IP addr */
-  struct in_addr fw_smsk, fw_dmsk;	/* Mask for src and dest IP addr */
-  struct in_addr fw_via;		/* IP address of interface "via" */
-  void *fw_viadev;	                /* device of interface "via" */
-  u_int16_t fw_flg;		        /* Flags word */
-  u_int16_t fw_nsp, fw_ndp;             /* N'of src ports and # of dst ports */
-					/* in ports array (dst ports follow */
-    					/* src ports; max of 10 ports in all;*/
-    					/* count of 0 means match all ports) */
-#define IP_FW_MAX_PORTS	10      	/* A reasonable maximum */
-  u_int16_t fw_pts[IP_FW_MAX_PORTS];    /* Array of port numbers to match */
-  u_int32_t fw_pcnt, fw_bcnt;		/* Packet and byte counters */
-  u_int8_t fw_tosand, fw_tosxor;	/* Revised packet priority */
-  char fw_vianame[IFNAMSIZ];	        /* name of interface "via" */
-};
-
-/*
- *	Values for "flags" field .
- */
-
-#define IP_FW_F_ALL	0x0000	/* This is a universal packet firewall*/
-#define IP_FW_F_TCP	0x0001	/* This is a TCP packet firewall      */
-#define IP_FW_F_UDP	0x0002	/* This is a UDP packet firewall      */
-#define IP_FW_F_ICMP	0x0003	/* This is a ICMP packet firewall     */
-#define IP_FW_F_KIND	0x0003	/* Mask to isolate firewall kind      */
-#define IP_FW_F_ACCEPT	0x0004	/* This is an accept firewall (as     *
-				 *         opposed to a deny firewall)*
-				 *                                    */
-#define IP_FW_F_SRNG	0x0008	/* The first two src ports are a min  *
-				 * and max range (stored in host byte *
-				 * order).                            *
-				 *                                    */
-#define IP_FW_F_DRNG	0x0010	/* The first two dst ports are a min  *
-				 * and max range (stored in host byte *
-				 * order).                            *
-				 * (ports[0] <= port <= ports[1])     *
-				 *                                    */
-#define IP_FW_F_PRN	0x0020	/* In verbose mode print this firewall*/
-#define IP_FW_F_BIDIR	0x0040	/* For bidirectional firewalls        */
-#define IP_FW_F_TCPSYN	0x0080	/* For tcp packets-check SYN only     */
-#define IP_FW_F_ICMPRPL 0x0100	/* Send back icmp unreachable packet  */
-#define IP_FW_F_MASQ	0x0200	/* Masquerading			      */
-#define IP_FW_F_TCPACK	0x0400	/* For tcp-packets match if ACK is set*/
-#define IP_FW_F_REDIR	0x0800	/* Redirect to local port fw_pts[n]   */
-#define IP_FW_F_ACCTIN  0x1000	/* Account incoming packets only.     */
-#define IP_FW_F_ACCTOUT 0x2000	/* Account outgoing packets only.     */
-
-#define IP_FW_F_MASK	0x3FFF	/* All possible flag bits mask        */
-
-/*
- *	New IP firewall options for [gs]etsockopt at the RAW IP level.
- *	Unlike BSD Linux inherits IP options so you don't have to use
- *	a raw socket for this. Instead we check rights in the calls.
- */
-
-#define IP_FW_BASE_CTL  	64	/* base for firewall socket options */
-
-#define IP_FW_COMMAND		0x00FF	/* mask for command without chain */
-#define IP_FW_TYPE		0x0300	/* mask for type (chain) */
-#define IP_FW_SHIFT		8	/* shift count for type (chain) */
-
-#define IP_FW_FWD		0
-#define IP_FW_IN		1
-#define IP_FW_OUT		2
-#define IP_FW_ACCT		3
-#define IP_FW_CHAINS		4	/* total number of ip_fw chains */
-#define IP_FW_MASQ		5
-
-#define IP_FW_INSERT		(IP_FW_BASE_CTL)
-#define IP_FW_APPEND		(IP_FW_BASE_CTL+1)
-#define IP_FW_DELETE		(IP_FW_BASE_CTL+2)
-#define IP_FW_FLUSH		(IP_FW_BASE_CTL+3)
-#define IP_FW_ZERO		(IP_FW_BASE_CTL+4)
-#define IP_FW_POLICY		(IP_FW_BASE_CTL+5)
-#define IP_FW_CHECK		(IP_FW_BASE_CTL+6)
-#define IP_FW_MASQ_TIMEOUTS	(IP_FW_BASE_CTL+7)
-
-#define IP_FW_INSERT_FWD	(IP_FW_INSERT | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_APPEND_FWD	(IP_FW_APPEND | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_DELETE_FWD	(IP_FW_DELETE | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_FLUSH_FWD		(IP_FW_FLUSH  | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_ZERO_FWD		(IP_FW_ZERO   | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_POLICY_FWD	(IP_FW_POLICY | (IP_FW_FWD << IP_FW_SHIFT))
-#define IP_FW_CHECK_FWD		(IP_FW_CHECK  | (IP_FW_FWD << IP_FW_SHIFT))
-
-#define IP_FW_INSERT_IN		(IP_FW_INSERT | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_APPEND_IN		(IP_FW_APPEND | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_DELETE_IN		(IP_FW_DELETE | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_FLUSH_IN		(IP_FW_FLUSH  | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_ZERO_IN		(IP_FW_ZERO   | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_POLICY_IN		(IP_FW_POLICY | (IP_FW_IN << IP_FW_SHIFT))
-#define IP_FW_CHECK_IN		(IP_FW_CHECK  | (IP_FW_IN << IP_FW_SHIFT))
-
-#define IP_FW_INSERT_OUT	(IP_FW_INSERT | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_APPEND_OUT	(IP_FW_APPEND | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_DELETE_OUT	(IP_FW_DELETE | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_FLUSH_OUT		(IP_FW_FLUSH  | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_ZERO_OUT		(IP_FW_ZERO   | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_POLICY_OUT	(IP_FW_POLICY | (IP_FW_OUT << IP_FW_SHIFT))
-#define IP_FW_CHECK_OUT		(IP_FW_CHECK  | (IP_FW_OUT << IP_FW_SHIFT))
-
-#define IP_ACCT_INSERT		(IP_FW_INSERT | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_APPEND		(IP_FW_APPEND | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_DELETE		(IP_FW_DELETE | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_FLUSH		(IP_FW_FLUSH  | (IP_FW_ACCT << IP_FW_SHIFT))
-#define IP_ACCT_ZERO		(IP_FW_ZERO   | (IP_FW_ACCT << IP_FW_SHIFT))
-
-#define IP_FW_MASQ_INSERT	(IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT))
-#define IP_FW_MASQ_ADD		(IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT))
-#define IP_FW_MASQ_DEL		(IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT))
-#define IP_FW_MASQ_FLUSH	(IP_FW_FLUSH  | (IP_FW_MASQ << IP_FW_SHIFT))
-
-struct ip_fwpkt
-{
-  struct iphdr fwp_iph;			/* IP header */
-  union {
-    struct tcphdr fwp_tcph;		/* TCP header or */
-    struct udphdr fwp_udph;		/* UDP header */
-    struct icmphdr fwp_icmph;	        /* ICMP header */
-  } fwp_protoh;
-  struct in_addr fwp_via;	        /* interface address */
-  char fwp_vianame[IFNAMSIZ];	        /* interface name */
-};
-
-#define IP_FW_MASQCTL_MAX 256
-#define IP_MASQ_MOD_NMAX  32
-
-struct ip_fw_masqctl
-{
-  int mctl_action;
-  union {
-    struct {
-      char name[IP_MASQ_MOD_NMAX];
-      char data[1];
-    } mod;
-  } u;
-};
-
-
-/*
- * timeouts for ip masquerading
- */
-
-struct ip_fw_masq;
-
-__END_DECLS
-
-#endif /* _NETINET_IP_FW_H */