From 280f8f95b4045e45c9f5d18632bd0ccb8cc0fad2 Mon Sep 17 00:00:00 2001 From: green Date: Sat, 19 Jun 1999 18:43:33 +0000 Subject: This is the much-awaited cleaned up version of IPFW [ug]id support. All relevant changes have been made (including ipfw.8). --- sys/netinet/ip_fw.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'sys/netinet/ip_fw.h') diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 3dc3c0e..ba15dbd 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -11,7 +11,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.h,v 1.36 1998/12/14 18:09:13 luigi Exp $ + * $Id: ip_fw.h,v 1.37 1999/04/20 13:32:05 peter Exp $ */ #ifndef _IP_FW_H @@ -81,6 +81,8 @@ struct ip_fw { /* count of 0 means match all ports) */ void *pipe_ptr; /* Pipe ptr in case of dummynet pipe */ void *next_rule_ptr ; /* next rule in case of match */ + uid_t fw_uid; /* uid to match */ + gid_t fw_gid; /* gid to match */ }; #define IP_FW_GETNSRCP(rule) ((rule)->fw_nports & 0x0f) @@ -144,7 +146,11 @@ struct ip_fw_chain { #define IP_FW_F_ICMPBIT 0x00100000 /* ICMP type bitmap is valid */ -#define IP_FW_F_MASK 0x001FFFFF /* All possible flag bits mask */ +#define IP_FW_F_UID 0x00200000 /* filter by uid */ + +#define IP_FW_F_GID 0x00400000 /* filter by uid */ + +#define IP_FW_F_MASK 0x007FFFFF /* All possible flag bits mask */ /* * For backwards compatibility with rules specifying "via iface" but -- cgit v1.1