[99] in linux-net channel archive
Patches to get net-tools-1.1.79 to run on 1.1.92
daemon@ATHENA.MIT.EDU (Kayvan Sylvan)
Sun Feb 19 02:30:43 1995
Date: Sat, 18 Feb 95 21:55 PST
To: linux-net@vger.rutgers.edu
From: Kayvan Sylvan <kayvan@Sylvan.COM>
Here's what I had to do to get net-tools-1.1.79 to compile on
linux-1.1.92.
The units member of struct plipconf has been removed in the recent
kernels. I made the corresponding change in the net-tools. I don't use
the plip device, so I can't test whether or not it works.
The IP forwarding and firewall code in ipfw.c needed some updating as
well. Someone who uses the IP forwarding and blocking on a regular
basis should test these patches.
*** 1.1 1995/02/19 04:13:45
--- ./man/plipconfig.8 1995/02/19 04:14:42
***************
*** 4,10 ****
.SH SYNOPSIS
.B "plipconfig interface"
.br
! .B "plipconfig interface [nibble NN] [trigger NN] [unit NN]"
.SH DESCRIPTION
.B Plipconfig
is used to (hopefuly) improve PLIP performance by changing the default
--- 4,10 ----
.SH SYNOPSIS
.B "plipconfig interface"
.br
! .B "plipconfig interface [nibble NN] [trigger NN]"
.SH DESCRIPTION
.B Plipconfig
is used to (hopefuly) improve PLIP performance by changing the default
***************
*** 25,33 ****
.TP
.B "trigger NN"
Sets the trigger wait value in microseconds. Default is 500.
- .TP
- .B "unit NN"
- Sets the number of units of delay. Default is 1.
.LP
PLIP speed can in some cases be improved by lowering the default values.
Values which are too low may cause excess use of CPU, poor interrupt
--- 25,30 ----
*** 1.1 1995/02/19 05:13:19
--- ./man/ipfw.8 1995/02/19 05:44:47
***************
*** 1,28 ****
! .TH IPFW 8 "10 Jan 1995" "" ""
.SH NAME
ipfw \- show / manipulate the ip firewall and accounting tables
.SH SYNOPSIS
! .B "ipfw [ n ] expression"
.SH DESCRIPTION
.B ipfw
manipulates the kernel's IP firewall and accouting table. This allows a
Linux system to screen itself or other hosts by protocols and port numbers.
! An additional extension 'masuerading' provides the ability to operate fairly
generic proxy address mapping.
.SH OPTIONS
.B -n
Turn off name lookup. All addresses will be printed in numeric format.
.SH EXAMPLES
.TP
! .B ipfw flush firewall
Removes all existing firewall entries.
.TP
! .B ipfw addblocking accept tcp from 192.0.2.0/24 to host.my.net 6000
! .B ipfw addblocking deny tcp from 0/0 to host.my.net 6000
Deny all access from the world to tcp port 6000 (X Windows) on the
host host.my.net unless they are from the class C network 192.0.2.x.
.LP
.SH FILES
.I /proc/net/ip_block
.br
.I /proc/net/ip_forward
--- 1,34 ----
! .TH IPFW 8 "18 Feb 1995" "" ""
.SH NAME
ipfw \- show / manipulate the ip firewall and accounting tables
.SH SYNOPSIS
! .B "ipfw [ -n ] expression"
.SH DESCRIPTION
.B ipfw
manipulates the kernel's IP firewall and accouting table. This allows a
Linux system to screen itself or other hosts by protocols and port numbers.
! An additional extension 'masquerading' provides the ability to operate fairly
generic proxy address mapping.
.SH OPTIONS
.B -n
Turn off name lookup. All addresses will be printed in numeric format.
+
+ Invoking ipfw without arguments will print out a syntax summary. Giving
+ ipfw an unknown command (like "help") will print a detailed syntax summary.
.SH EXAMPLES
.TP
! .B ipfw flush blocking
Removes all existing firewall entries.
.TP
! .B ipfw add blocking accept tcp from 192.0.2.0/24 to host.my.net 6000
! .TP
! .B ipfw add blocking deny tcp from 0/0 to host.my.net 6000
Deny all access from the world to tcp port 6000 (X Windows) on the
host host.my.net unless they are from the class C network 192.0.2.x.
.LP
.SH FILES
+ .I /proc/net/ip_acct
+ .br
.I /proc/net/ip_block
.br
.I /proc/net/ip_forward
***************
*** 35,39 ****
The firewall cannot yet do device specific filtering, nor tcp connect
filtering or active rejection of packets (ICMP unreachable). The code
is in a state of development and will evolve further.
- .TP
- The manual page is a joke. Someone literate please write a better one.
--- 41,43 ----
*** 1.1 1995/02/19 03:47:30
--- ./plipconfig.c 1995/02/19 03:48:32
***************
*** 49,61 ****
void usage(void)
{
fprintf(stderr, "Usage: plipconfig [-a] [-i] [-v] interface\n");
! fprintf(stderr, " [nibble NN] [trigger NN] [unit NN]\n");
exit(-1);
}
void print_plip(void)
{
! printf("%s\tnibble %lu trigger %lu unit %lu\n", ifr.ifr_name, plip->nibble, plip->trigger, plip->unit);
}
int main(int argc, char **argv)
--- 49,61 ----
void usage(void)
{
fprintf(stderr, "Usage: plipconfig [-a] [-i] [-v] interface\n");
! fprintf(stderr, " [nibble NN] [trigger NN]\n");
exit(-1);
}
void print_plip(void)
{
! printf("%s\tnibble %lu trigger %lu\n", ifr.ifr_name, plip->nibble, plip->trigger);
}
int main(int argc, char **argv)
***************
*** 108,120 ****
if (*++spp == NULL)
usage();
plip->trigger = atoi(*spp);
- spp++;
- continue;
- }
- if (!strcmp(*spp, "unit")) {
- if (*++spp == NULL)
- usage();
- plip->unit = atoi(*spp);
spp++;
continue;
}
--- 108,113 ----
*** 1.1 1995/02/19 03:51:59
--- ./ipfw.c 1995/02/19 05:52:12
***************
*** 28,33 ****
--- 28,34 ----
* More (major) cleanups and bug fixes by Salvador Abreu <spa@fct.unl.pt>
* Additional options Lutz Pre"sler <Lutz.Pressler@med-stat.gwdg.de>
* Masquerade client support added <Alan.Cox@linux.org>
+ * IP forwarding/blocking code upgraded: Kayvan Sylvan <kayvan@Sylvan.COM>
*/
#include <sys/types.h>
***************
*** 70,76 ****
IPF_MASQUERADE = 3
} ipf_kind;
! static char *ipf_names[4] = {"blocking", "forwarding", "accounting", "maquerading"};
static long ipf_addfunc[4] = {IP_FW_ADD_BLK, IP_FW_ADD_FWD, IP_ACCT_ADD, IP_FW_ADD_FWD};
static long ipf_delfunc[4] = {IP_FW_DEL_BLK, IP_FW_DEL_FWD, IP_ACCT_DEL, IP_FW_DEL_FWD};
static int lookup = 1;
--- 71,77 ----
IPF_MASQUERADE = 3
} ipf_kind;
! static char *ipf_names[4] = {"blocking", "forwarding", "accounting", "masquerading"};
static long ipf_addfunc[4] = {IP_FW_ADD_BLK, IP_FW_ADD_FWD, IP_ACCT_ADD, IP_FW_ADD_FWD};
static long ipf_delfunc[4] = {IP_FW_DEL_BLK, IP_FW_DEL_FWD, IP_ACCT_DEL, IP_FW_DEL_FWD};
static int lookup = 1;
***************
*** 79,85 ****
{
fprintf(stderr, "usage: ipfirewall [-n] l[ist]\n");
fprintf(stderr, "\t\t| f[lush] a[ccounting]\n");
! fprintf(stderr, "\t\t| f[lush] f[irewall]\n");
fprintf(stderr, "\t\t| c[heck] b[locking] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| c[heck] f[orwarding] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| a[dd] a[ccounting] <type> from <src> to <dst>\n");
--- 80,87 ----
{
fprintf(stderr, "usage: ipfirewall [-n] l[ist]\n");
fprintf(stderr, "\t\t| f[lush] a[ccounting]\n");
! fprintf(stderr, "\t\t| f[lush] b[locking]\n");
! fprintf(stderr, "\t\t| f[lush] f[forwarding]\n");
fprintf(stderr, "\t\t| c[heck] b[locking] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| c[heck] f[orwarding] <type> from <src> to <dst>\n");
fprintf(stderr, "\t\t| a[dd] a[ccounting] <type> from <src> to <dst>\n");
***************
*** 168,174 ****
switch (cmd)
{
! CASE(FW_FLUSH);
CASE(FW_CHK_BLK);
CASE(FW_CHK_FWD);
CASE(FW_ADD_BLK);
--- 170,177 ----
switch (cmd)
{
! CASE(FW_FLUSH_BLK);
! CASE(FW_FLUSH_FWD);
CASE(FW_CHK_BLK);
CASE(FW_CHK_FWD);
CASE(FW_ADD_BLK);
***************
*** 1331,1342 ****
{
/* Same kludge as above, see above ranting and griping -BB */
unsigned long fred = 1;
! (void) do_setsockopt(argv[1], socket_fd, IPPROTO_IP, IP_FW_FLUSH, &fred, sizeof(unsigned long), 0);
}
else
{
fprintf(stderr,
! "ipfw: expected \"accounting\" or \"firewall\".");
exit(1);
--- 1334,1351 ----
{
/* Same kludge as above, see above ranting and griping -BB */
unsigned long fred = 1;
! (void) do_setsockopt(argv[1], socket_fd, IPPROTO_IP, IP_FW_FLUSH_BLK, &fred, sizeof(unsigned long), 0);
}
+ else if (MATCH(argv[2], "blocking"))
+ {
+ /* Same kludge as above, see above ranting and griping -KS */
+ unsigned long fred = 1;
+ (void) do_setsockopt(argv[1], socket_fd, IPPROTO_IP, IP_FW_FLUSH_FWD, &fred, sizeof(unsigned long), 0);
+ }
else
{
fprintf(stderr,
! "ipfw: expected \"accounting\", \"blocking\" or \"forwarding\".");
exit(1);
"The trust and respect of a child is an honor to be earned, not demanded."
Kayvan Sylvan | Sylvan Associates | Proud Dad of:
kayvan@Sylvan.COM | Training, Consulting | Katherine Yelena (8/8/89)
(408) 978-1407 can PGP | Ask me about Avatar. | Robin Gregory (2/28/92)
