diff options
| author | ugen <ugen@FreeBSD.org> | 1995-10-01 21:52:50 +0000 |
|---|---|---|
| committer | ugen <ugen@FreeBSD.org> | 1995-10-01 21:52:50 +0000 |
| commit | 5d0e3b6e78857391e3f29e33728c66cb03d69c45 (patch) | |
| tree | e159bbea54a13f69e8ba5118e9ef34dcdf26acda /sys/netinet/ip_fw.h | |
| parent | f1e6db21170e50df595b22cb92904e2cdd80d386 (diff) | |
| download | FreeBSD-src-5d0e3b6e78857391e3f29e33728c66cb03d69c45.zip FreeBSD-src-5d0e3b6e78857391e3f29e33728c66cb03d69c45.tar.gz | |
Well..finally..this is the first part..it should take care of
matching IP options..Check and test this - i made only a couple
of rough tests and this could be buggy.. Ipaccounting can't use
IP Options (and i don't see any need to cound packets with specific
options either..)
More to come...
Diffstat (limited to 'sys/netinet/ip_fw.h')
| -rw-r--r-- | sys/netinet/ip_fw.h | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index f32bd19..bc2dfc5 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -11,7 +11,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id$ + * $Id: ip_fw.h,v 1.13 1995/07/23 05:36:30 davidg Exp $ */ /* @@ -49,6 +49,8 @@ struct ip_fw { #define IP_FW_MAX_PORTS 10 /* A reasonable maximum */ u_short fw_pts[IP_FW_MAX_PORTS]; /* Array of port numbers to match */ u_long fw_pcnt,fw_bcnt; /* Packet and byte counters */ + u_char fw_ipopt,fw_ipnopt; /* IP options set/unset */ + u_char fw_tcpf,fw_tcpnf; /* TCP flags sen/unset */ }; @@ -83,12 +85,29 @@ struct ip_fw { * */ #define IP_FW_F_PRN 0x020 /* In verbose mode print this firewall*/ #define IP_FW_F_BIDIR 0x040 /* For accounting-count two way */ -#define IP_FW_F_TCPSYN 0x080 /* For tcp packets-check SYN only */ #define IP_FW_F_ICMPRPL 0x100 /* Send back icmp unreachable packet */ #define IP_FW_F_IFNAME 0x200 /* Use interface name/unit (not IP) */ #define IP_FW_F_MASK 0x3FF /* All possible flag bits mask */ /* + * Definitions for IP option names. + */ +#define IP_FW_IPOPT_LSRR 0x01 +#define IP_FW_IPOPT_SSRR 0x02 +#define IP_FW_IPOPT_RR 0x04 +#define IP_FW_IPOPT_TS 0x08 + +/* + * Definitions for TCP flags. + */ +#define IP_FW_TCPF_FIN TH_FIN +#define IP_FW_TCPF_SYN TH_SYN +#define IP_FW_TCPF_RST TH_RST +#define IP_FW_TCPF_PUSH TH_PUSH +#define IP_FW_TCPF_ACK TH_ACK +#define IP_FW_TCPF_URG TH_URG + +/* * New IP firewall options for [gs]etsockopt at the RAW IP level. */ #define IP_FW_BASE_CTL 53 @@ -109,7 +128,8 @@ struct ip_fw { */ #define IP_FW_P_DENY 0x01 #define IP_FW_P_ICMP 0x02 -#define IP_FW_P_MASK 0x03 +#define IP_FW_P_MBIPO 0x04 +#define IP_FW_P_MASK 0x07 /* |
