bin/127058: add "all" command line option to ipfw table listing

Ganbold ganbold at FreeBSD.org
Wed Sep 3 02:50:01 UTC 2008 

>Number:         127058
>Category:       bin
>Synopsis:       add "all" command line option to ipfw table listing
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 03 02:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Ganbold
>Release:        RELENG_7
>Organization:
>Environment:
>Description:
Following patches add possibility to list IP addresses from all defined ipfw tables.

For example:

v02# ipfw table all list
---table(1)---
202.179.18.7/32 0
202.179.27.132/32 0
208.48.2.0/24 0
---table(2)---
202.72.244.226/32 0
---table(3)---
61.222.9.212/32 0
74.53.215.0/24 0
75.125.150.0/24 0
75.125.150.18/32 0
75.126.214.0/24 0
121.156.57.4/32 0
163.29.176.20/32 0
212.37.111.0/24 0
---table(4)---
64.202.163.213/32 0
---table(5)---
165.146.30.119/32 0
196.207.13.5/32 0
..

Patches are fully tested on RELENG_7 (FreeBSD 7.1-PRERELEASE #6: Wed Sep  3 10:02:27 ULAT 2008).

Also these patches successfully applies to CURRENT.

>How-To-Repeat:

>Fix:
--- ip_fw2.c.orig	2008-08-20 03:58:42.000000000 +0800
+++ ip_fw2.c	2008-09-03 09:53:29.000000000 +0800
@@ -254,7 +254,10 @@
 static u_int32_t static_len;	/* size in bytes of static rules */
 static u_int32_t dyn_count;		/* # of dynamic rules */
 static u_int32_t dyn_max = 4096;	/* max # of dynamic rules */
+static u_int32_t tables_max = IPFW_TABLES_MAX;	/* max # of tables */
 
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD,
+    &tables_max, 0, "Max number of tables");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW,
     &dyn_buckets, 0, "Number of dyn. buckets");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD,




--- ipfw2.c.orig	2008-09-03 09:58:22.000000000 +0800
+++ ipfw2.c	2008-09-03 10:19:20.000000000 +0800
@@ -5860,22 +5860,27 @@
  * 	ipfw table N add addr[/masklen] [value]
  * 	ipfw table N delete addr[/masklen]
  * 	ipfw table N flush
- * 	ipfw table N list
+ * 	ipfw table N|all list
  */
 static void
 table_handler(int ac, char *av[])
 {
 	ipfw_table_entry ent;
 	ipfw_table *tbl;
-	int do_add;
+	int do_add, is_all = 0;
 	char *p;
 	socklen_t l;
-	uint32_t a;
+	uint32_t a, b, c;
+	size_t len;
 
 	ac--; av++;
 	if (ac && isdigit(**av)) {
 		ent.tbl = atoi(*av);
 		ac--; av++;
+	} else if (_substrcmp(*av, "all") == 0) {
+		ent.tbl = 0;
+		is_all = 1;
+		ac--; av++;
 	} else
 		errx(EX_USAGE, "table number required");
 	NEED1("table needs command");
@@ -5931,33 +5936,48 @@
 		if (do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) < 0)
 			err(EX_OSERR, "setsockopt(IP_FW_TABLE_FLUSH)");
 	} else if (_substrcmp(*av, "list") == 0) {
-		a = ent.tbl;
-		l = sizeof(a);
-		if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0)
-			err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)");
-		l = sizeof(*tbl) + a * sizeof(ipfw_table_entry);
-		tbl = malloc(l);
-		if (tbl == NULL)
-			err(EX_OSERR, "malloc");
-		tbl->tbl = ent.tbl;
-		if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0)
-			err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
-		for (a = 0; a < tbl->cnt; a++) {
-			unsigned int tval;
-			tval = tbl->ent[a].value;
-			if (do_value_as_ip) {
-			    char tbuf[128];
-			    strncpy(tbuf, inet_ntoa(*(struct in_addr *)
-				&tbl->ent[a].addr), 127);
-			    /* inet_ntoa expects network order */
-			    tval = htonl(tval);
-			    printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
-			        inet_ntoa(*(struct in_addr *)&tval));
-			} else {
-			    printf("%s/%u %u\n",
-			        inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
-			        tbl->ent[a].masklen, tval);
+		c = ent.tbl;
+		if (is_all) {
+	                len = sizeof(uint32_t);
+			/* get IPFW_TABLES_MAX */
+        	        if (sysctlbyname("net.inet.ip.fw.tables_max",
+                	        &c, &len, NULL, 0) == -1)
+	                    errx(1, "sysctlbyname(\"%s\")",
+        	                "net.inet.ip.fw.tables_max");
+			c -= 1;
+		}
+		for (b = ent.tbl; b <= c; b++) {
+			a = b;
+			l = sizeof(b);
+			if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0)
+				err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)");
+			l = sizeof(*tbl) + a * sizeof(ipfw_table_entry);
+			tbl = malloc(l);
+			if (tbl == NULL)
+				err(EX_OSERR, "malloc");
+			tbl->tbl = b;
+			if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0)
+				err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
+			if (tbl->cnt && is_all)
+				printf("---table(%d)---\n", b);
+			for (a = 0; a < tbl->cnt; a++) {
+				unsigned int tval;
+				tval = tbl->ent[a].value;
+				if (do_value_as_ip) {
+				    char tbuf[128];
+				    strncpy(tbuf, inet_ntoa(*(struct in_addr *)
+					&tbl->ent[a].addr), 127);
+				    /* inet_ntoa expects network order */
+				    tval = htonl(tval);
+				    printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
+				        inet_ntoa(*(struct in_addr *)&tval));
+				} else {
+				    printf("%s/%u %u\n",
+				        inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
+			        	tbl->ent[a].masklen, tval);
+				}
 			}
+			free(tbl);
 		}
 	} else
 		errx(EX_USAGE, "invalid table command %s", *av);





--- ipfw.8-original	2008-09-01 17:08:35.000000000 +0800
+++ ipfw.8	2008-09-03 10:26:07.000000000 +0800
@@ -51,7 +51,9 @@
 .Nm
 .Cm table Ar number Cm flush
 .Nm
-.Cm table Ar number Cm list
+.Cm table
+.Brq Ar number | all 
+.Cm list
 .Pp
 .Nm
 .Brq Cm pipe | queue




>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list