From: "Andrey V. Elsukov"
Date: Tue, 04 Oct 2005 09:28:08 +0400
To: ipfw@freebsd.org
Cc: hackers@freebsd.org
Subject: Re: nonprivileged access to ipfw
Message-ID: <434212E8.5050001@yandex.ru>
In-Reply-To: <433A406B.3000300@yandex.ru>

Andrey V. Elsukov wrote:
> I want nonprivileged access to ipfw (without sudo, suid, etc.).
> But RAW sockets restrict this. I have one idea - a pseudo device
> /dev/ipfw. I think that realisation of this feature is not a
> difficult task. Now I have some questions. Thanks for more answers :)

I have finished this. But I have one question: how should I act with
the dummynet code?

Through a pseudo device /dev/ipfwctl we can control the ipfw state.
Access to the ipfwctl device can be configured via devfs.conf.
A user must have write permission on /dev/ipfwctl to change the ipfw
state and read permission to read the ipfw state.

The patch can be found here:
http://butcher.heavennet.ru/ipfw_ioctl/

-- 
WBR, Andrey V. Elsukov
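
The devfs.conf access control described in the message, as an added example that is not part of the original post or the patch. The node name ipfwctl comes from the message; the group name "ipfwadm" is a hypothetical one chosen for illustration.

```conf
# /etc/devfs.conf fragment for the /dev/ipfwctl node described in the message.
# Added example; the group name "ipfwadm" is hypothetical.

# Weak: every local account can read and rewrite the firewall state.
#perm   ipfwctl 0666

# Delegated administration: root and members of ipfwadm may read and
# change ipfw state; everyone else gets no access.
own     ipfwctl root:ipfwadm
perm    ipfwctl 0660

# Read-only delegation (use instead of the 0660 line above): group
# members can read the state, only root can change it.
#perm   ipfwctl 0640
```

devfs.conf is applied by the devfs rc script at boot, so these lines only take effect if the node exists at that point.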