[202] in linux-net channel archive
ipfw not compiling (1.2.5)
daemon@ATHENA.MIT.EDU (Kayvan Sylvan)
Sun Apr 16 05:10:13 1995
Date: Sun, 16 Apr 95 00:24 PDT
To: Herbert Rosmanith <herp@wildsau.idv.uni-linz.ac.at>
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <4226955@toto.iv>
From: Kayvan Sylvan <kayvan@Sylvan.COM>
>>>>> "Herbert" == Herbert Rosmanith <herp@wildsau.idv.uni-linz.ac.at> writes:
Herbert> looks like the field-names in 1.2.5 kernel do not match those
Herbert> from 1.1.79 net-tools.
Try this patch. I got ipfw and the rest of net-tools to compile with
this, though it's not extensively tested.
*** 1.1 1995/02/19 04:13:45
--- ./man/plipconfig.8 1995/02/19 04:14:42
***************
*** 4,10 ****
.SH SYNOPSIS
.B "plipconfig interface"
.br
! .B "plipconfig interface [nibble NN] [trigger NN] [unit NN]"
.SH DESCRIPTION
.B Plipconfig
is used to (hopefuly) improve PLIP performance by changing the default
--- 4,10 ----
.SH SYNOPSIS
.B "plipconfig interface"
.br
! .B "plipconfig interface [nibble NN] [trigger NN]"
.SH DESCRIPTION
.B Plipconfig
is used to (hopefuly) improve PLIP performance by changing the default
***************
*** 25,33 ****
.TP
.B "trigger NN"
Sets the trigger wait value in microseconds. Default is 500.
- .TP
- .B "unit NN"
- Sets the number of units of delay. Default is 1.
.LP
PLIP speed can in some cases be improved by lowering the default values.
Values which are too low may cause excess use of CPU, poor interrupt
--- 25,30 ----
*** 1.1 1995/02/19 05:13:19
--- ./man/ipfw.8 1995/02/19 05:44:47
***************
*** 1,28 ****
! .TH IPFW 8 "10 Jan 1995" "" ""
.SH NAME
ipfw \- show / manipulate the ip firewall and accounting tables
.SH SYNOPSIS
! .B "ipfw [ n ] expression"
.SH DESCRIPTION
.B ipfw
manipulates the kernel's IP firewall and accouting table. This allows a
Linux system to screen itself or other hosts by protocols and port numbers.
! An additional extension 'masuerading' provides the ability to operate fairly
generic proxy address mapping.
.SH OPTIONS
.B -n
Turn off name lookup. All addresses will be printed in numeric format.
.SH EXAMPLES
.TP
! .B ipfw flush firewall
Removes all existing firewall entries.
.TP
! .B ipfw addblocking accept tcp from 192.0.2.0/24 to host.my.net 6000
! .B ipfw addblocking deny tcp from 0/0 to host.my.net 6000
Deny all access from the world to tcp port 6000 (X Windows) on the
host host.my.net unless they are from the class C network 192.0.2.x.
.LP
.SH FILES
.I /proc/net/ip_block
.br
.I /proc/net/ip_forward
--- 1,34 ----
! .TH IPFW 8 "18 Feb 1995" "" ""
.SH NAME
ipfw \- show / manipulate the ip firewall and accounting tables
.SH SYNOPSIS
! .B "ipfw [ -n ] expression"
.SH DESCRIPTION
.B ipfw
manipulates the kernel's IP firewall and accouting table. This allows a
Linux system to screen itself or other hosts by protocols and port numbers.
! An additional extension 'masquerading' provides the ability to operate fairly
generic proxy address mapping.
.SH OPTIONS
.B -n
Turn off name lookup. All addresses will be printed in numeric format.
+
+ Invoking ipfw without arguments will print out a syntax summary. Giving
+ ipfw an unknown command (like "help") will print a detailed syntax summary.
.SH EXAMPLES
.TP
! .B ipfw flush blocking
Removes all existing firewall entries.
.TP
! .B ipfw add blocking accept tcp from 192.0.2.0/24 to host.my.net 6000
! .TP
! .B ipfw add blocking deny tcp from 0/0 to host.my.net 6000
Deny all access from the world to tcp port 6000 (X Windows) on the
host host.my.net unless they are from the class C network 192.0.2.x.
.LP
.SH FILES
+ .I /proc/net/ip_acct
+ .br
.I /proc/net/ip_block
.br
.I /proc/net/ip_forward
***************
*** 35,39 ****
The firewall cannot yet do device specific filtering, nor tcp connect
filtering or active rejection of packets (ICMP unreachable). The code
is in a state of development and will evolve further.
- .TP
- The manual page is a joke. Someone literate please write a better one.
--- 41,43 ----
*** 1.1 1995/02/19 03:47:30
--- ./plipconfig.c 1995/02/19 03:48:32
***************
*** 49,61 ****
void usage(void)
{
fprintf(stderr, "Usage: plipconfig [-a] [-i] [-v] interface\n");
! fprintf(stderr, " [nibble NN] [trigger NN] [unit NN]\n");
exit(-1);
}
void print_plip(void)
{
! printf("%s\tnibble %lu trigger %lu unit %lu\n", ifr.ifr_name, plip->nibble, plip->trigger, plip->unit);
}
int main(int argc, char **argv)
--- 49,61 ----
void usage(void)
{
fprintf(stderr, "Usage: plipconfig [-a] [-i] [-v] interface\n");
! fprintf(stderr, " [nibble NN] [trigger NN]\n");
exit(-1);
}
void print_plip(void)
{
! printf("%s\tnibble %lu trigger %lu\n", ifr.ifr_name, plip->nibble, plip->trigger);
}
int main(int argc, char **argv)
***************
*** 108,120 ****
if (*++spp == NULL)
usage();
plip->trigger = atoi(*spp);
- spp++;
- continue;
- }
- if (!strcmp(*spp, "unit")) {
- if (*++spp == NULL)
- usage();
- plip->unit = atoi(*spp);
spp++;
continue;
}
--- 108,113 ----
*** 1.1 1995/02/19 03:51:59
--- ./ipfw.c 1995/02/19 05:52:12
***************
*** 28,33 ****
--- 28,34 ----
* More (major) cleanups and bug fixes by Salvador Abreu <spa@fct.unl.pt>
* Additional options Lutz Pre"sler <Lutz.Pressler@med-stat.gwdg.de>
* Masquerade client support added <Alan.Cox@linux.org>
+ * IP forwarding/blocking code upgraded: Kayvan Sylvan <kayvan@Sylvan.COM>
*/
#include <sys/types.h>
***************
*** 70,76 ****
IPF_MASQUERADE = 3
} ipf_kind;
! static char *ipf_names[4] = {"blocking", "forwarding", "accounting", "maquerading"};
static long ipf_addfunc[4] = {IP_FW_ADD_BLK, IP_FW_ADD_FWD, IP_ACCT_ADD, IP_FW_ADD_FWD};
static long ipf_delfunc[4] = {IP_FW_DEL_BLK, IP_FW_DEL_FWD, IP_ACCT_DEL, IP_FW_DEL_FWD};
static int lookup = 1;
--- 71,77 ----
IPF_MASQUERADE = 3
} ipf_kind;
! static char *ipf_names[4] = {"blocking", "forwarding", "accounting", "masquerading"};
static long ipf_addfunc[4] = {IP_FW_ADD_BLK, IP_FW_ADD_FWD, IP_ACCT_ADD, IP_FW_ADD_FWD};
static long ipf_delfunc[4] = {IP_FW_DEL_BLK, IP_FW_DEL_FWD, IP_ACCT_DEL, IP_FW_DEL_FWD};
static int lookup = 1;
***************
*** 79,85 ****
{
fprintf(stderr, "usage: ipfirewall [-n] l[ist]\n");
fprintf(stderr, "\t\t| f[lush] a[ccounting]\n");
! fprintf(stderr, "\t\t| f[lush] f[irewall]\n");
fprintf(stderr, "\t\t| c[heck] b[locking] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| c[heck] f[orwarding] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| a[dd] a[ccounting] <type> from <src> to <dst>\n");
--- 80,87 ----
{
fprintf(stderr, "usage: ipfirewall [-n] l[ist]\n");
fprintf(stderr, "\t\t| f[lush] a[ccounting]\n");
! fprintf(stderr, "\t\t| f[lush] b[locking]\n");
! fprintf(stderr, "\t\t| f[lush] f[forwarding]\n");
fprintf(stderr, "\t\t| c[heck] b[locking] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| c[heck] f[orwarding] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| a[dd] a[ccounting] <type> from <src> to <dst>\n");
***************
*** 168,174 ****
switch (cmd)
{
! CASE(FW_FLUSH);
CASE(FW_CHK_BLK);
CASE(FW_CHK_FWD);
CASE(FW_ADD_BLK);
--- 170,177 ----
switch (cmd)
{
! CASE(FW_FLUSH_BLK);
! CASE(FW_FLUSH_FWD);
CASE(FW_CHK_BLK);
CASE(FW_CHK_FWD);
CASE(FW_ADD_BLK);
***************
*** 1331,1342 ****
{
/* Same kludge as above, see above ranting and griping -BB */
unsigned long fred = 1;
! (void) do_setsockopt(argv[1], socket_fd, IPPROTO_IP, IP_FW_FLUSH, &fred, sizeof(unsigned long), 0);
}
else
{
fprintf(stderr,
! "ipfw: expected \"accounting\" or \"firewall\".");
exit(1);
--- 1334,1351 ----
{
/* Same kludge as above, see above ranting and griping -BB */
unsigned long fred = 1;
! (void) do_setsockopt(argv[1], socket_fd, IPPROTO_IP, IP_FW_FLUSH_BLK, &fred, sizeof(unsigned long), 0);
}
+ else if (MATCH(argv[2], "blocking"))
+ {
+ /* Same kludge as above, see above ranting and griping -KS */
+ unsigned long fred = 1;
+ (void) do_setsockopt(argv[1], socket_fd, IPPROTO_IP, IP_FW_FLUSH_FWD, &fred, sizeof(unsigned long), 0);
+ }
else
{
fprintf(stderr,
! "ipfw: expected \"accounting\", \"blocking\" or \"forwarding\".");
exit(1);
---Kayvan
"The trust and respect of a child is an honor to be earned, not demanded."
Kayvan Sylvan | Sylvan Associates | Proud Dad of:
kayvan@Sylvan.COM | http://www.isp.net/~kayvan | Katherine Yelena (8/8/89)
(408) 978-1407 PGP OK | Ask me about Avatar. | Robin Gregory (2/28/92)
