diff options
author | glebius <glebius@FreeBSD.org> | 2005-05-04 13:24:37 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2005-05-04 13:24:37 +0000 |
commit | a0f1ce3be1d4d2b35aa118f1375f259245022ed2 (patch) | |
tree | 446e3de90709c04d8a2f97dce167e80ef96f069d /sys/netinet/libalias | |
parent | 6d827336e97ab369915d2e81fdde50eb412352e6 (diff) | |
download | FreeBSD-src-a0f1ce3be1d4d2b35aa118f1375f259245022ed2.zip FreeBSD-src-a0f1ce3be1d4d2b35aa118f1375f259245022ed2.tar.gz |
Cleanup IPFW2 ifdefs.
Diffstat (limited to 'sys/netinet/libalias')
-rw-r--r-- | sys/netinet/libalias/alias_db.c | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index f9c953b..e25259c 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -2473,17 +2473,12 @@ LibAliasCheckNewLink(struct libalias *la) file, but making variables global is evil too. ****************/ -#ifndef IPFW2 -#define IPFW2 1 /* use new ipfw code */ -#endif - /* Firewall include files */ #include <net/if.h> #include <netinet/ip_fw.h> #include <string.h> #include <err.h> -#if IPFW2 /* support for new firewall code */ /* * helper function, updates the pointer to cmd with the length * of the current command, and also cleans up the first word of @@ -2554,8 +2549,6 @@ fill_rule(void *buf, int bufsize, int rulenum, return ((char *)cmd - (char *)buf); } -#endif /* IPFW2 */ - static void ClearAllFWHoles(struct libalias *la); @@ -2648,7 +2641,6 @@ PunchFWHole(struct alias_link *lnk) * add fwhole accept tcp from OAddr OPort to DAddr DPort add fwhole * accept tcp from DAddr DPort to OAddr OPort */ -#if IPFW2 if (GetOriginalPort(lnk) != 0 && GetDestPort(lnk) != 0) { u_int32_t rulebuf[255]; int i; @@ -2669,46 +2661,7 @@ PunchFWHole(struct alias_link *lnk) if (r) err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); } -#else /* !IPFW2, old code to generate ipfw rule */ - - /* Build generic part of the two rules */ - rule.fw_number = fwhole; - IP_FW_SETNSRCP(&rule, 1); /* Number of source ports. */ - IP_FW_SETNDSTP(&rule, 1); /* Number of destination ports. */ - rule.fw_flg = IP_FW_F_ACCEPT | IP_FW_F_IN | IP_FW_F_OUT; - rule.fw_prot = IPPROTO_TCP; - rule.fw_smsk.s_addr = INADDR_BROADCAST; - rule.fw_dmsk.s_addr = INADDR_BROADCAST; - - /* Build and apply specific part of the rules */ - rule.fw_src = GetOriginalAddress(lnk); - rule.fw_dst = GetDestAddress(lnk); - rule.fw_uar.fw_pts[0] = ntohs(GetOriginalPort(lnk)); - rule.fw_uar.fw_pts[1] = ntohs(GetDestPort(lnk)); - /* - * Skip non-bound links - XXX should not be strictly necessary, but - * seems to leave hole if not done. Leak of non-bound links? (Code - * should be left even if the problem is fixed - it is a clear - * optimization) - */ - if (rule.fw_uar.fw_pts[0] != 0 && rule.fw_uar.fw_pts[1] != 0) { - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule); -#ifdef DEBUG - if (r) - err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)"); -#endif - rule.fw_src = GetDestAddress(lnk); - rule.fw_dst = GetOriginalAddress(lnk); - rule.fw_uar.fw_pts[0] = ntohs(GetDestPort(lnk)); - rule.fw_uar.fw_pts[1] = ntohs(GetOriginalPort(lnk)); - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule); -#ifdef DEBUG - if (r) - err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); -#endif - } -#endif /* !IPFW2 */ /* Indicate hole applied */ lnk->data.tcp->fwhole = fwhole; fw_setfield(la, la->fireWallField, fwhole); @@ -2732,14 +2685,8 @@ ClearFWHole(struct alias_link *lnk) return; memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ -#if IPFW2 while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &fwhole, sizeof fwhole)); -#else /* !IPFW2 */ - rule.fw_number = fwhole; - while (!setsockopt(fireWallFD, IPPROTO_IP, IP_FW_DEL, - &rule, sizeof rule)); -#endif /* !IPFW2 */ fw_clrfield(la, la->fireWallField, fwhole); lnk->data.tcp->fwhole = -1; } @@ -2757,14 +2704,9 @@ ClearAllFWHoles(struct libalias *la) memset(&rule, 0, sizeof rule); for (i = la->fireWallBaseNum; i < la->fireWallBaseNum + la->fireWallNumNums; i++) { -#if IPFW2 int r = i; while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)); -#else /* !IPFW2 */ - rule.fw_number = i; - while (!setsockopt(fireWallFD, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule)); -#endif /* !IPFW2 */ } /* XXX: third arg correct here ? /phk */ memset(la->fireWallField, 0, la->fireWallNumNums); |