diff options
| author | julian <julian@FreeBSD.org> | 1996-07-10 19:44:30 +0000 |
|---|---|---|
| committer | julian <julian@FreeBSD.org> | 1996-07-10 19:44:30 +0000 |
| commit | 9277e63302140b5062d96a9394cdec2b83b2e70a (patch) | |
| tree | 5affe14a214c46b4bd58b410a49350e34137ed18 /sys/netinet/ip_fw.h | |
| parent | 366bddd7f5f46d8b7d51ff94c668b40ccecbbc23 (diff) | |
| download | FreeBSD-src-9277e63302140b5062d96a9394cdec2b83b2e70a.zip FreeBSD-src-9277e63302140b5062d96a9394cdec2b83b2e70a.tar.gz | |
Adding changes to ipfw and the kernel to support ip packet diversion..
This stuff should not be too destructive if the IPDIVERT is not compiled in..
be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
Diffstat (limited to 'sys/netinet/ip_fw.h')
| -rw-r--r-- | sys/netinet/ip_fw.h | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index a8b11a8..b63bc74 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -11,7 +11,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.h,v 1.19 1996/06/02 00:14:50 gpalmer Exp $ + * $Id: ip_fw.h,v 1.20 1996/06/09 23:46:21 alex Exp $ */ /* @@ -29,8 +29,8 @@ struct ip_fw { struct in_addr fw_src, fw_dst; /* Source and destination IP addr */ struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */ union { - struct in_addr fu_via_ip; - struct { + struct in_addr fu_via_ip; /* Specified by IP address */ + struct { /* Specified by interface name */ #define FW_IFNLEN 6 /* To keep structure on 2^x boundary */ char fu_via_name[FW_IFNLEN]; short fu_via_unit; @@ -52,6 +52,7 @@ struct ip_fw { #define IP_FW_ICMPTYPES_DIM (256 / (sizeof(unsigned) * 8)) unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */ long timestamp; /* timestamp (tv_sec) of last match */ + u_short fw_divert_port; /* Divert port (options IPDIVERT) */ }; struct ip_fw_chain { @@ -72,11 +73,15 @@ struct ip_fw_chain { #define IP_FW_F_IN 0x0004 /* Inbound */ #define IP_FW_F_OUT 0x0008 /* Outbound */ +#define IP_FW_F_COMMAND 0x0030 /* Mask for type of chain entry: */ #define IP_FW_F_ACCEPT 0x0010 /* This is an accept rule */ -#define IP_FW_F_COUNT 0x0020 /* This is an accept rule */ +#define IP_FW_F_COUNT 0x0020 /* This is a count rule */ +#define IP_FW_F_DIVERT 0x0030 /* This is a divert rule */ +#define IP_FW_F_DENY 0x0000 /* This is a deny rule */ + #define IP_FW_F_PRN 0x0040 /* Print if this rule matches */ #define IP_FW_F_ICMPRPL 0x0080 /* Send back icmp unreachable packet */ - + #define IP_FW_F_SRNG 0x0100 /* The first two src ports are a min * * and max range (stored in host byte * * order). */ |
