bin/127058: add "all" command line option to ipfw table listing
ganbold
ganbold at freebsd.org
Wed Sep 3 03:50:03 UTC 2008
The following reply was made to PR bin/127058; it has been noted by GNATS.
From: ganbold <ganbold at freebsd.org>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: bin/127058: add "all" command line option to ipfw table listing
Date: Wed, 03 Sep 2008 11:45:06 +0800
I guess a more complete ipfw(8) part of the patch is here:
--- ipfw.8-original 2008-09-01 17:08:35.000000000 +0800
+++ ipfw.8 2008-09-03 11:33:30.000000000 +0800
@@ -51,7 +51,9 @@
.Nm
.Cm table Ar number Cm flush
.Nm
-.Cm table Ar number Cm list
+.Cm table
+.Brq Ar number | all
+.Cm list
.Pp
.Nm
.Brq Cm pipe | queue
@@ -2207,6 +2209,8 @@
.It Em net.inet.ip.fw.debug : No 1
Controls debugging messages produced by
.Nm .
+.It Em net.inet.ip.fw.tables_max : No 128
+Maximum number of tables.
.It Em net.inet.ip.fw.dyn_buckets : No 256
The number of buckets in the hash table for dynamic rules.
Must be a power of 2, up to 65536.
thanks,
Ganbold
Ganbold wrote:
>> Number: 127058
>> Category: bin
>> Synopsis: add "all" command line option to ipfw table listing
>> Confidential: no
>> Severity: non-critical
>> Priority: low
>> Responsible: freebsd-bugs
>> State: open
>> Quarter:
>> Keywords:
>> Date-Required:
>> Class: sw-bug
>> Submitter-Id: current-users
>> Arrival-Date: Wed Sep 03 02:50:00 UTC 2008
>> Closed-Date:
>> Last-Modified:
>> Originator: Ganbold
>> Release: RELENG_7
>> Organization:
>> Environment:
>> Description:
>>
> Following patches add possibility to list IP addresses from all defined ipfw tables.
>
> For example:
>
> v02# ipfw table all list
> ---table(1)---
> 202.179.18.7/32 0
> 202.179.27.132/32 0
> 208.48.2.0/24 0
> ---table(2)---
> 202.72.244.226/32 0
> ---table(3)---
> 61.222.9.212/32 0
> 74.53.215.0/24 0
> 75.125.150.0/24 0
> 75.125.150.18/32 0
> 75.126.214.0/24 0
> 121.156.57.4/32 0
> 163.29.176.20/32 0
> 212.37.111.0/24 0
> ---table(4)---
> 64.202.163.213/32 0
> ---table(5)---
> 165.146.30.119/32 0
> 196.207.13.5/32 0
> .
>
> Patches are fully tested on RELENG_7 (FreeBSD 7.1-PRERELEASE #6: Wed Sep 3 10:02:27 ULAT 2008).
>
> Also, these patches apply successfully to CURRENT.
>
>
>> How-To-Repeat:
>>
>
>
>> Fix:
>>
> --- ip_fw2.c.orig 2008-08-20 03:58:42.000000000 +0800
> +++ ip_fw2.c 2008-09-03 09:53:29.000000000 +0800
> @@ -254,7 +254,10 @@
> static u_int32_t static_len; /* size in bytes of static rules */
> static u_int32_t dyn_count; /* # of dynamic rules */
> static u_int32_t dyn_max = 4096; /* max # of dynamic rules */
> +static u_int32_t tables_max = IPFW_TABLES_MAX; /* max # of tables */
>
> +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD,
> + &tables_max, 0, "Max number of tables");
> SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW,
> &dyn_buckets, 0, "Number of dyn. buckets");
> SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD,
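Review bot: `tables_max` is declared `u_int32_t` but exported with `SYSCTL_INT`, so the OID's declared type does not match the variable. `SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD,` would match, and it also agrees with the `uint32_t` buffer that the ipfw2.c change reads the value into. Nothing in this hunk writes the variable after initialisation, so a short comment such as `/* read-only copy of IPFW_TABLES_MAX, exported for ipfw(8) */` would tell readers why the knob exists.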
>
>
>
>
> --- ipfw2.c.orig 2008-09-03 09:58:22.000000000 +0800
> +++ ipfw2.c 2008-09-03 10:19:20.000000000 +0800
> @@ -5860,22 +5860,27 @@
> * ipfw table N add addr[/masklen] [value]
> * ipfw table N delete addr[/masklen]
> * ipfw table N flush
> - * ipfw table N list
> + * ipfw table N|all list
> */
> static void
> table_handler(int ac, char *av[])
> {
> ipfw_table_entry ent;
> ipfw_table *tbl;
> - int do_add;
> + int do_add, is_all = 0;
> char *p;
> socklen_t l;
> - uint32_t a;
> + uint32_t a, b, c;
> + size_t len;
>
> ac--; av++;
> if (ac && isdigit(**av)) {
> ent.tbl = atoi(*av);
> ac--; av++;
> + } else if (_substrcmp(*av, "all") == 0) {
> + ent.tbl = 0;
> + is_all = 1;
> + ac--; av++;
> } else
> errx(EX_USAGE, "table number required");
> NEED1("table needs command");
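Review bot: The new `else if` calls `_substrcmp(*av, "all")` without checking `ac`, whereas the digit test just before it is guarded by `ac &&`. When `ipfw table` is run with nothing after it, `*av` is presumably the NULL argv terminator, so the comparison dereferences it instead of reaching `errx(EX_USAGE, "table number required")`. Guarding the branch the same way keeps the old usage error: `} else if (ac && _substrcmp(*av, "all") == 0) {`. The body of table_handler continues outside this hunk.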
> @@ -5931,33 +5936,48 @@
> if (do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) < 0)
> err(EX_OSERR, "setsockopt(IP_FW_TABLE_FLUSH)");
> } else if (_substrcmp(*av, "list") == 0) {
> - a = ent.tbl;
> - l = sizeof(a);
> - if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0)
> - err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)");
> - l = sizeof(*tbl) + a * sizeof(ipfw_table_entry);
> - tbl = malloc(l);
> - if (tbl == NULL)
> - err(EX_OSERR, "malloc");
> - tbl->tbl = ent.tbl;
> - if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0)
> - err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
> - for (a = 0; a < tbl->cnt; a++) {
> - unsigned int tval;
> - tval = tbl->ent[a].value;
> - if (do_value_as_ip) {
> - char tbuf[128];
> - strncpy(tbuf, inet_ntoa(*(struct in_addr *)
> - &tbl->ent[a].addr), 127);
> - /* inet_ntoa expects network order */
> - tval = htonl(tval);
> - printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
> - inet_ntoa(*(struct in_addr *)&tval));
> - } else {
> - printf("%s/%u %u\n",
> - inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
> - tbl->ent[a].masklen, tval);
> + c = ent.tbl;
> + if (is_all) {
> + len = sizeof(uint32_t);
> + /* get IPFW_TABLES_MAX */
> + if (sysctlbyname("net.inet.ip.fw.tables_max",
> + &c, &len, NULL, 0) == -1)
> + errx(1, "sysctlbyname(\"%s\")",
> + "net.inet.ip.fw.tables_max");
> + c -= 1;
> + }
> + for (b = ent.tbl; b <= c; b++) {
> + a = b;
> + l = sizeof(b);
> + if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0)
> + err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)");
> + l = sizeof(*tbl) + a * sizeof(ipfw_table_entry);
> + tbl = malloc(l);
> + if (tbl == NULL)
> + err(EX_OSERR, "malloc");
> + tbl->tbl = b;
> + if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0)
> + err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
> + if (tbl->cnt && is_all)
> + printf("---table(%d)---\n", b);
> + for (a = 0; a < tbl->cnt; a++) {
> + unsigned int tval;
> + tval = tbl->ent[a].value;
> + if (do_value_as_ip) {
> + char tbuf[128];
> + strncpy(tbuf, inet_ntoa(*(struct in_addr *)
> + &tbl->ent[a].addr), 127);
> + /* inet_ntoa expects network order */
> + tval = htonl(tval);
> + printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
> + inet_ntoa(*(struct in_addr *)&tval));
> + } else {
> + printf("%s/%u %u\n",
> + inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
> + tbl->ent[a].masklen, tval);
> + }
> }
> + free(tbl);
> }
> } else
> errx(EX_USAGE, "invalid table command %s", *av);
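Review bot: `is_all` is consulted only in the `list` branch, so `ipfw table all flush` reaches `do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, ...)` at the top of this hunk with `ent.tbl` set to 0 by the earlier hunk, and flushes table 0 without any indication; the add and delete branches, which lie outside the hunk, presumably behave the same way. For a firewall tool it is safer to reject the combination up front, e.g. `if (is_all && _substrcmp(*av, "list") != 0) errx(EX_USAGE, "table all is only valid with list");` right after the `NEED1` check. In the list path, the sysctl failure uses `errx(1, ...)`, which drops the errno text and the `EX_OSERR` exit code used by the other failures here; `err(EX_OSERR, "sysctlbyname(%s)", "net.inet.ip.fw.tables_max");` would be consistent. `b` is a `uint32_t`, so the `---table(%d)---` header should print it with `%u`.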
>
>
>
>
>
> --- ipfw.8-original 2008-09-01 17:08:35.000000000 +0800
> +++ ipfw.8 2008-09-03 10:26:07.000000000 +0800
> @@ -51,7 +51,9 @@
> .Nm
> .Cm table Ar number Cm flush
> .Nm
> -.Cm table Ar number Cm list
> +.Cm table
> +.Brq Ar number | all
> +.Cm list
> .Pp
> .Nm
> .Brq Cm pipe | queue
>
>
>
>
>
>> Release-Note:
>> Audit-Trail:
>> Unformatted:
>>
> _______________________________________________
> freebsd-bugs at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> To unsubscribe, send any mail to "freebsd-bugs-unsubscribe at freebsd.org"
>
>
>
>
--
The difference between a misfortune and a calamity? If Gladstone fell
into the Thames, it would be a misfortune. But if someone dragged him
out again, it would be a calamity. -- Benjamin Disraeli