bin/127058: add "all" command line option to ipfw table listing
Ganbold
ganbold at FreeBSD.org
Wed Sep 3 02:50:01 UTC 2008
>Number: 127058
>Category: bin
>Synopsis: add "all" command line option to ipfw table listing
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 03 02:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Ganbold
>Release: RELENG_7
>Organization:
>Environment:
>Description:
Following patches add possibility to list IP addresses from all defined ipfw tables.
For example:
v02# ipfw table all list
---table(1)---
202.179.18.7/32 0
202.179.27.132/32 0
208.48.2.0/24 0
---table(2)---
202.72.244.226/32 0
---table(3)---
61.222.9.212/32 0
74.53.215.0/24 0
75.125.150.0/24 0
75.125.150.18/32 0
75.126.214.0/24 0
121.156.57.4/32 0
163.29.176.20/32 0
212.37.111.0/24 0
---table(4)---
64.202.163.213/32 0
---table(5)---
165.146.30.119/32 0
196.207.13.5/32 0
..
Patches are fully tested on RELENG_7 (FreeBSD 7.1-PRERELEASE #6: Wed Sep 3 10:02:27 ULAT 2008).
These patches also apply successfully to CURRENT.
>How-To-Repeat:
>Fix:
--- ip_fw2.c.orig 2008-08-20 03:58:42.000000000 +0800
+++ ip_fw2.c 2008-09-03 09:53:29.000000000 +0800
@@ -254,7 +254,10 @@
static u_int32_t static_len; /* size in bytes of static rules */
static u_int32_t dyn_count; /* # of dynamic rules */
static u_int32_t dyn_max = 4096; /* max # of dynamic rules */
+static u_int32_t tables_max = IPFW_TABLES_MAX; /* max # of tables */
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD,
+ &tables_max, 0, "Max number of tables");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW,
&dyn_buckets, 0, "Number of dyn. buckets");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD,
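Review bot: `tables_max` is declared `u_int32_t` but exported through `SYSCTL_INT`, so the OID advertises a signed int while the userland half of this patch reads it into a `uint32_t`. Using `SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD, &tables_max, 0, "Max number of tables");` keeps the declared and exported types in agreement. A short comment such as `/* read-only: compile-time table limit, exported so ipfw(8) can bound "table all list" */` would also record why a constant is published as a sysctl.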
--- ipfw2.c.orig 2008-09-03 09:58:22.000000000 +0800
+++ ipfw2.c 2008-09-03 10:19:20.000000000 +0800
@@ -5860,22 +5860,27 @@
* ipfw table N add addr[/masklen] [value]
* ipfw table N delete addr[/masklen]
* ipfw table N flush
- * ipfw table N list
+ * ipfw table N|all list
*/
static void
table_handler(int ac, char *av[])
{
ipfw_table_entry ent;
ipfw_table *tbl;
- int do_add;
+ int do_add, is_all = 0;
char *p;
socklen_t l;
- uint32_t a;
+ uint32_t a, b, c;
+ size_t len;
ac--; av++;
if (ac && isdigit(**av)) {
ent.tbl = atoi(*av);
ac--; av++;
+ } else if (_substrcmp(*av, "all") == 0) {
+ ent.tbl = 0;
+ is_all = 1;
+ ac--; av++;
} else
errx(EX_USAGE, "table number required");
NEED1("table needs command");
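Review bot: The new `else if` branch calls `_substrcmp(*av, "all")` without checking `ac`, whereas the `isdigit(**av)` test just above it is guarded by `ac &&`. When `table` is given with no further argument, `*av` is presumably the argv NULL terminator, so the comparison would dereference NULL instead of reaching `errx(EX_USAGE, "table number required")`. Guard it the same way: `} else if (ac && _substrcmp(*av, "all") == 0) {`. The body of table_handler continues past the end of this hunk.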
@@ -5931,33 +5936,48 @@
if (do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) < 0)
err(EX_OSERR, "setsockopt(IP_FW_TABLE_FLUSH)");
} else if (_substrcmp(*av, "list") == 0) {
- a = ent.tbl;
- l = sizeof(a);
- if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0)
- err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)");
- l = sizeof(*tbl) + a * sizeof(ipfw_table_entry);
- tbl = malloc(l);
- if (tbl == NULL)
- err(EX_OSERR, "malloc");
- tbl->tbl = ent.tbl;
- if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0)
- err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
- for (a = 0; a < tbl->cnt; a++) {
- unsigned int tval;
- tval = tbl->ent[a].value;
- if (do_value_as_ip) {
- char tbuf[128];
- strncpy(tbuf, inet_ntoa(*(struct in_addr *)
- &tbl->ent[a].addr), 127);
- /* inet_ntoa expects network order */
- tval = htonl(tval);
- printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
- inet_ntoa(*(struct in_addr *)&tval));
- } else {
- printf("%s/%u %u\n",
- inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
- tbl->ent[a].masklen, tval);
+ c = ent.tbl;
+ if (is_all) {
+ len = sizeof(uint32_t);
+ /* get IPFW_TABLES_MAX */
+ if (sysctlbyname("net.inet.ip.fw.tables_max",
+ &c, &len, NULL, 0) == -1)
+ errx(1, "sysctlbyname(\"%s\")",
+ "net.inet.ip.fw.tables_max");
+ c -= 1;
+ }
+ for (b = ent.tbl; b <= c; b++) {
+ a = b;
+ l = sizeof(b);
+ if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0)
+ err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)");
+ l = sizeof(*tbl) + a * sizeof(ipfw_table_entry);
+ tbl = malloc(l);
+ if (tbl == NULL)
+ err(EX_OSERR, "malloc");
+ tbl->tbl = b;
+ if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0)
+ err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
+ if (tbl->cnt && is_all)
+ printf("---table(%d)---\n", b);
+ for (a = 0; a < tbl->cnt; a++) {
+ unsigned int tval;
+ tval = tbl->ent[a].value;
+ if (do_value_as_ip) {
+ char tbuf[128];
+ strncpy(tbuf, inet_ntoa(*(struct in_addr *)
+ &tbl->ent[a].addr), 127);
+ /* inet_ntoa expects network order */
+ tval = htonl(tval);
+ printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
+ inet_ntoa(*(struct in_addr *)&tval));
+ } else {
+ printf("%s/%u %u\n",
+ inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
+ tbl->ent[a].masklen, tval);
+ }
}
+ free(tbl);
}
} else
errx(EX_USAGE, "invalid table command %s", *av);
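Review bot: `is_all` is consulted only in the `list` branch, so `all` combined with any other subcommand silently acts on table 0, because the parser sets `ent.tbl = 0` for it; the `flush` branch at the top of this hunk passes `ent.tbl` straight to `IP_FW_TABLE_FLUSH`. An operator typing `table all flush` would empty table 0 and leave every other table untouched, which is a surprising change to a firewall's state. Reject the combination up front, right after `NEED1(...)`: `if (is_all && _substrcmp(*av, "list") != 0) errx(EX_USAGE, "table all supports only list");`. The add and delete branches lie outside the hunk and presumably behave the same way. Separately, the sysctl failure path uses `errx(1, ...)`, which drops errno; `err(EX_OSERR, ...)` would match the other error exits in this function.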
--- ipfw.8-original 2008-09-01 17:08:35.000000000 +0800
+++ ipfw.8 2008-09-03 10:26:07.000000000 +0800
@@ -51,7 +51,9 @@
.Nm
.Cm table Ar number Cm flush
.Nm
-.Cm table Ar number Cm list
+.Cm table
+.Brq Ar number | all
+.Cm list
.Pp
.Nm
.Brq Cm pipe | queue
>Release-Note:
>Audit-Trail:
>Unformatted: