Date: Wed, 3 Sep 2008 03:50:03 GMT To: freebsd-ipfw@FreeBSD.org From: ganbold Subject: Re: bin/127058: add "all" command line option to ipfw table listing List-Id: IPFW Technical Discussions The following reply was made to PR bin/127058; it has been noted by GNATS. From: ganbold To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/127058: add "all" command line option to ipfw table listing Date: Wed, 03 Sep 2008 11:45:06 +0800 I guess more complete ipfw(8) part of patch is here: --- ipfw.8-original 2008-09-01 17:08:35.000000000 +0800 +++ ipfw.8 2008-09-03 11:33:30.000000000 +0800 @@ -51,7 +51,9 @@ .Nm .Cm table Ar number Cm flush .Nm -.Cm table Ar number Cm list +.Cm table +.Brq Ar number | all +.Cm list .Pp .Nm .Brq Cm pipe | queue 
@@ -2207,6 +2209,8 @@ .It Em net.inet.ip.fw.debug : No 1 Controls debugging messages produced by .Nm . +.It Em net.inet.ip.fw.tables_max : No 128 +Maximum number of tables. .It Em net.inet.ip.fw.dyn_buckets : No 256 The number of buckets in the hash table for dynamic rules. Must be a power of 2, up to 65536. thanks, Ganbold Ganbold wrote: >> Number: 127058 >> Category: bin >> Synopsis: add "all" command line option to ipfw table listing >> Confidential: no >> Severity: non-critical >> Priority: low >> Responsible: freebsd-bugs >> State: open >> Quarter: >> Keywords: >> Date-Required: >> Class: sw-bug >> Submitter-Id: current-users >> Arrival-Date: Wed Sep 03 02:50:00 UTC 2008 >> Closed-Date: >> Last-Modified: >> Originator: Ganbold >> Release: RELENG_7 >> Organization: >> Environment: >> Description: >> > Following patches add possibility to list IP addresses from all defined ipfw tables. > > For example: > > v02# ipfw table all list > ---table(1)--- > 202.179.18.7/32 0 > 202.179.27.132/32 0 > 208.48.2.0/24 0 > ---table(2)--- > 202.72.244.226/32 0 > ---table(3)--- > 61.222.9.212/32 0 > 74.53.215.0/24 0 > 75.125.150.0/24 0 > 75.125.150.18/32 0 > 75.126.214.0/24 0 > 121.156.57.4/32 0 > 163.29.176.20/32 0 > 212.37.111.0/24 0 > ---table(4)--- > 64.202.163.213/32 0 > ---table(5)--- > 165.146.30.119/32 0 > 196.207.13.5/32 0 > . > > Patches are fully tested on RELENG_7 (FreeBSD 7.1-PRERELEASE #6: Wed Sep 3 10:02:27 ULAT 2008). > > Also these patches successfully applies to CURRENT. > > >> How-To-Repeat: >> > > >> Fix: >> > --- ip_fw2.c.orig 2008-08-20 03:58:42.000000000 +0800 > +++ ip_fw2.c 2008-09-03 09:53:29.000000000 +0800 
> @@ -254,7 +254,10 @@ > static u_int32_t static_len; /* size in bytes of static rules */ > static u_int32_t dyn_count; /* # of dynamic rules */ > static u_int32_t dyn_max = 4096; /* max # of dynamic rules */ > +static u_int32_t tables_max = IPFW_TABLES_MAX; /* max # of tables */ > > +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD, > + &tables_max, 0, "Max number of tables"); > SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, > &dyn_buckets, 0, "Number of dyn. buckets"); > SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD, > > > > > --- ipfw2.c.orig 2008-09-03 09:58:22.000000000 +0800 > +++ ipfw2.c 2008-09-03 10:19:20.000000000 +0800 > @@ -5860,22 +5860,27 @@ > * ipfw table N add addr[/masklen] [value] > * ipfw table N delete addr[/masklen] > * ipfw table N flush > - * ipfw table N list > + * ipfw table N|all list > */ > static void > table_handler(int ac, char *av[]) > { > ipfw_table_entry ent; > ipfw_table *tbl; > - int do_add; > + int do_add, is_all = 0; > char *p; > socklen_t l; > - uint32_t a; > + uint32_t a, b, c; > + size_t len; > > ac--; av++; > if (ac && isdigit(**av)) { > ent.tbl = atoi(*av); > ac--; av++; > + } else if (_substrcmp(*av, "all") == 0) { > + ent.tbl = 0; > + is_all = 1; > + ac--; av++; > } else > errx(EX_USAGE, "table number required"); > NEED1("table needs command"); 
> @@ -5931,33 +5936,48 @@ > if (do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) < 0) > err(EX_OSERR, "setsockopt(IP_FW_TABLE_FLUSH)"); > } else if (_substrcmp(*av, "list") == 0) { > - a = ent.tbl; > - l = sizeof(a); > - if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0) > - err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)"); > - l = sizeof(*tbl) + a * sizeof(ipfw_table_entry); > - tbl = malloc(l); > - if (tbl == NULL) > - err(EX_OSERR, "malloc"); > - tbl->tbl = ent.tbl; > - if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0) > - err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)"); > - for (a = 0; a < tbl->cnt; a++) { > - unsigned int tval; > - tval = tbl->ent[a].value; > - if (do_value_as_ip) { > - char tbuf[128]; > - strncpy(tbuf, inet_ntoa(*(struct in_addr *) > - &tbl->ent[a].addr), 127); > - /* inet_ntoa expects network order */ > - tval = htonl(tval); > - printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen, > - inet_ntoa(*(struct in_addr *)&tval)); > - } else { > - printf("%s/%u %u\n", > - inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), > - tbl->ent[a].masklen, tval); > + c = ent.tbl; > + if (is_all) { > + len = sizeof(uint32_t); > + /* get IPFW_TABLES_MAX */ > + if (sysctlbyname("net.inet.ip.fw.tables_max", > + &c, &len, NULL, 0) == -1) > + errx(1, "sysctlbyname(\"%s\")", > + "net.inet.ip.fw.tables_max"); > + c -= 1; > + } > + for (b = ent.tbl; b <= c; b++) { > + a = b; > + l = sizeof(b); > + if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0) > + err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)"); > + l = sizeof(*tbl) + a * sizeof(ipfw_table_entry); > + tbl = malloc(l); > + if (tbl == NULL) > + err(EX_OSERR, "malloc"); > + tbl->tbl = b; > + if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0) > + err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)"); > + if (tbl->cnt && is_all) > + printf("---table(%d)---\n", b); > + for (a = 0; a < tbl->cnt; a++) { > + unsigned int tval; > + tval = tbl->ent[a].value; > + if (do_value_as_ip) { > + char tbuf[128]; > + strncpy(tbuf, 
inet_ntoa(*(struct in_addr *) > + &tbl->ent[a].addr), 127); > + /* inet_ntoa expects network order */ > + tval = htonl(tval); > + printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen, > + inet_ntoa(*(struct in_addr *)&tval)); > + } else { > + printf("%s/%u %u\n", > + inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), > + tbl->ent[a].masklen, tval); > + } > } > + free(tbl); > } > } else > errx(EX_USAGE, "invalid table command %s", *av); > > > > > > --- ipfw.8-original 2008-09-01 17:08:35.000000000 +0800 > +++ ipfw.8 2008-09-03 10:26:07.000000000 +0800 > @@ -51,7 +51,9 @@ > .Nm > .Cm table Ar number Cm flush > .Nm > -.Cm table Ar number Cm list > +.Cm table > +.Brq Ar number | all > +.Cm list > .Pp > .Nm > .Brq Cm pipe | queue > > > > > >> Release-Note: >> Audit-Trail: >> Unformatted: >> > -- The difference between a misfortune and a calamity? If Gladstone fell into the Thames, it would be a misfortune. But if someone dragged him out again, it would be a calamity. -- Benjamin Disraeli
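Review bot: In the ipfw.8 synopsis hunk (@@ -51,7 +51,9 @@), the added line `.Brq Ar number | all` leaves the literal keyword "all" inside the Ar scope, so it is typeset as a replaceable argument rather than as something the user types. Mark it as a keyword with `.Brq Ar number | Cm all`. The hunk also changes only the synopsis; the description of the table commands should say what `table all list` prints, including the `---table(N)---` separators and that tables with no entries produce no output.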
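Review bot: In the ipfw.8 hunk at @@ -2207,6 +2209,8 @@, the new `net.inet.ip.fw.tables_max : No 128` entry reads like a tunable with a default of 128, while the ip_fw2.c part of the patch registers it with CTLFLAG_RD and initialises it from IPFW_TABLES_MAX. State in the description that the value is read-only and reflects the compile-time IPFW_TABLES_MAX, so readers do not try to raise it with sysctl(8).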
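Review bot: In the ip_fw2.c hunk (@@ -254,7 +254,10 @@), `tables_max` is declared `u_int32_t` but exported with `SYSCTL_INT`; use `SYSCTL_UINT` so the OID type matches the variable and the `uint32_t` that ipfw2.c reads it into with sysctlbyname(). The new SYSCTL_INT line is also inserted after the blank line that separated the variable declarations from the sysctl block, while the declaration sits before it; keep the declaration with the other counters and the OID with the other SYSCTL entries so the grouping stays readable.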
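Review bot: In table_handler() in ipfw2.c (@@ -5860,22 +5860,27 @@), the new "all" branch sets `ent.tbl = 0` before the subcommand is known, so `ipfw table all flush`, `add` or `delete` is accepted and silently operates on table 0, because only the list branch looks at `is_all`. Reject the other subcommands when `is_all` is set, for example with errx(EX_USAGE, ...) before they run. The branch also evaluates `_substrcmp(*av, "all")` without the `ac &&` guard that protects the `isdigit(**av)` test above it, so `*av` is dereferenced even when no argument is left; write `} else if (ac && _substrcmp(*av, "all") == 0) {`.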
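Review bot: In the list branch of table_handler() in ipfw2.c (@@ -5931,33 +5936,48 @@), the sysctlbyname() failure path calls `errx(1, ...)`, which discards errno and uses a different exit code from every other failure in this function; use `err(EX_OSERR, "sysctlbyname(\"%s\")", ...)` so the user sees why the lookup failed, for instance when the running kernel does not have the tables_max OID. The table header is printed with `printf("---table(%d)---\n", b)` although `b` is `uint32_t`; use `%u`. Finally, `c -= 1` wraps to a very large loop bound if the sysctl ever returns 0, so check for that before decrementing.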