diff options
Diffstat (limited to 'sys/netinet/ip_fw.h')
-rw-r--r-- | sys/netinet/ip_fw.h | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index f32bd19..bc2dfc5 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -11,7 +11,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id$ + * $Id: ip_fw.h,v 1.13 1995/07/23 05:36:30 davidg Exp $ */ /* @@ -49,6 +49,8 @@ struct ip_fw { #define IP_FW_MAX_PORTS 10 /* A reasonable maximum */ u_short fw_pts[IP_FW_MAX_PORTS]; /* Array of port numbers to match */ u_long fw_pcnt,fw_bcnt; /* Packet and byte counters */ + u_char fw_ipopt,fw_ipnopt; /* IP options set/unset */ + u_char fw_tcpf,fw_tcpnf; /* TCP flags sen/unset */ }; @@ -83,12 +85,29 @@ struct ip_fw { * */ #define IP_FW_F_PRN 0x020 /* In verbose mode print this firewall*/ #define IP_FW_F_BIDIR 0x040 /* For accounting-count two way */ -#define IP_FW_F_TCPSYN 0x080 /* For tcp packets-check SYN only */ #define IP_FW_F_ICMPRPL 0x100 /* Send back icmp unreachable packet */ #define IP_FW_F_IFNAME 0x200 /* Use interface name/unit (not IP) */ #define IP_FW_F_MASK 0x3FF /* All possible flag bits mask */ /* + * Definitions for IP option names. + */ +#define IP_FW_IPOPT_LSRR 0x01 +#define IP_FW_IPOPT_SSRR 0x02 +#define IP_FW_IPOPT_RR 0x04 +#define IP_FW_IPOPT_TS 0x08 + +/* + * Definitions for TCP flags. + */ +#define IP_FW_TCPF_FIN TH_FIN +#define IP_FW_TCPF_SYN TH_SYN +#define IP_FW_TCPF_RST TH_RST +#define IP_FW_TCPF_PUSH TH_PUSH +#define IP_FW_TCPF_ACK TH_ACK +#define IP_FW_TCPF_URG TH_URG + +/* * New IP firewall options for [gs]etsockopt at the RAW IP level. */ #define IP_FW_BASE_CTL 53 @@ -109,7 +128,8 @@ struct ip_fw { */ #define IP_FW_P_DENY 0x01 #define IP_FW_P_ICMP 0x02 -#define IP_FW_P_MASK 0x03 +#define IP_FW_P_MBIPO 0x04 +#define IP_FW_P_MASK 0x07 /* |