From owner-freebsd-bugs@FreeBSD.ORG Wed Sep 3 02:50:01 2008
Message-Id: <200809030243.m832h0un013633@www.freebsd.org>
Date: Wed, 3 Sep 2008 02:43:00 GMT
From: Ganbold
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/127058: add "all" command line option to ipfw table listing
List-Id: Bug reports

>Number: 127058
>Category: bin
>Synopsis: add "all" command line option to ipfw table listing
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 03 02:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Ganbold
>Release: RELENG_7
>Organization:
>Environment:
>Description:
The following patches add the possibility to list IP addresses from all defined ipfw tables.
For example:

v02# ipfw table all list
---table(1)---
202.179.18.7/32 0
202.179.27.132/32 0
208.48.2.0/24 0
---table(2)---
202.72.244.226/32 0
---table(3)---
61.222.9.212/32 0
74.53.215.0/24 0
75.125.150.0/24 0
75.125.150.18/32 0
75.126.214.0/24 0
121.156.57.4/32 0
163.29.176.20/32 0
212.37.111.0/24 0
---table(4)---
64.202.163.213/32 0
---table(5)---
165.146.30.119/32 0
196.207.13.5/32 0
..

Patches are fully tested on RELENG_7 (FreeBSD 7.1-PRERELEASE #6: Wed Sep 3 10:02:27 ULAT 2008).
Also, these patches successfully apply to CURRENT.
>How-To-Repeat:
>Fix: --- ip_fw2.c.orig 2008-08-20 03:58:42.000000000 +0800 +++ ip_fw2.c 2008-09-03 09:53:29.000000000 +0800 
@@ -254,7 +254,10 @@ static u_int32_t static_len; /* size in bytes of static rules */ static u_int32_t dyn_count; /* # of dynamic rules */ static u_int32_t dyn_max = 4096; /* max # of dynamic rules */ +static u_int32_t tables_max = IPFW_TABLES_MAX; /* max # of tables */ +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD, + &tables_max, 0, "Max number of tables"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, &dyn_buckets, 0, "Number of dyn. buckets"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD, --- ipfw2.c.orig 2008-09-03 09:58:22.000000000 +0800 +++ ipfw2.c 2008-09-03 10:19:20.000000000 +0800 @@ -5860,22 +5860,27 @@ * ipfw table N add addr[/masklen] [value] * ipfw table N delete addr[/masklen] * ipfw table N flush - * ipfw table N list + * ipfw table N|all list */ static void table_handler(int ac, char *av[]) { ipfw_table_entry ent; ipfw_table *tbl; - int do_add; + int do_add, is_all = 0; char *p; socklen_t l; - uint32_t a; + uint32_t a, b, c; + size_t len; ac--; av++; if (ac && isdigit(**av)) { ent.tbl = atoi(*av); ac--; av++; + } else if (_substrcmp(*av, "all") == 0) { + ent.tbl = 0; + is_all = 1; + ac--; av++; } else errx(EX_USAGE, "table number required"); NEED1("table needs command"); 
@@ -5931,33 +5936,48 @@ if (do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) < 0) err(EX_OSERR, "setsockopt(IP_FW_TABLE_FLUSH)"); } else if (_substrcmp(*av, "list") == 0) { - a = ent.tbl; - l = sizeof(a); - if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0) - err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)"); - l = sizeof(*tbl) + a * sizeof(ipfw_table_entry); - tbl = malloc(l); - if (tbl == NULL) - err(EX_OSERR, "malloc"); - tbl->tbl = ent.tbl; - if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0) - err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)"); - for (a = 0; a < tbl->cnt; a++) { - unsigned int tval; - tval = tbl->ent[a].value; - if (do_value_as_ip) { - char tbuf[128]; - strncpy(tbuf, inet_ntoa(*(struct in_addr *) - &tbl->ent[a].addr), 127); - /* inet_ntoa expects network order */ - tval = htonl(tval); - printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen, - inet_ntoa(*(struct in_addr *)&tval)); - } else { - printf("%s/%u %u\n", - inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), - tbl->ent[a].masklen, tval); + c = ent.tbl; + if (is_all) { + len = sizeof(uint32_t); + /* get IPFW_TABLES_MAX */ + if (sysctlbyname("net.inet.ip.fw.tables_max", + &c, &len, NULL, 0) == -1) + errx(1, "sysctlbyname(\"%s\")", + "net.inet.ip.fw.tables_max"); + c -= 1; + } + for (b = ent.tbl; b <= c; b++) { + a = b; + l = sizeof(b); + if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0) + err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)"); + l = sizeof(*tbl) + a * sizeof(ipfw_table_entry); + tbl = malloc(l); + if (tbl == NULL) + err(EX_OSERR, "malloc"); + tbl->tbl = b; + if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0) + err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)"); + if (tbl->cnt && is_all) + printf("---table(%d)---\n", b); + for (a = 0; a < tbl->cnt; a++) { + unsigned int tval; + tval = tbl->ent[a].value; + if (do_value_as_ip) { + char tbuf[128]; + strncpy(tbuf, inet_ntoa(*(struct in_addr *) + &tbl->ent[a].addr), 127); + /* inet_ntoa expects network order */ + tval = htonl(tval); 
+ printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen, + inet_ntoa(*(struct in_addr *)&tval)); + } else { + printf("%s/%u %u\n", + inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), + tbl->ent[a].masklen, tval); + } } + free(tbl); } } else errx(EX_USAGE, "invalid table command %s", *av); --- ipfw.8-original 2008-09-01 17:08:35.000000000 +0800 +++ ipfw.8 2008-09-03 10:26:07.000000000 +0800 @@ -51,7 +51,9 @@ .Nm .Cm table Ar number Cm flush .Nm -.Cm table Ar number Cm list +.Cm table +.Brq Ar number | all +.Cm list .Pp .Nm .Brq Cm pipe | queue >Release-Note: >Audit-Trail: >Unformatted:
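Review bot: In the ip_fw2.c hunk at @@ -254,7 +254,10, `tables_max` is declared `u_int32_t` but exported with `SYSCTL_INT`; `SYSCTL_UINT` matches the declared type and the `uint32_t c` that ipfw2.c reads the value into. A short comment saying the variable exists only to export `IPFW_TABLES_MAX` to userland would make its purpose clear, since nothing in the visible lines ever writes to it.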
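Review bot: In the ipfw2.c hunk at @@ -5860,22 +5860,27, the new `else if (_substrcmp(*av, "all") == 0)` branch is missing the `ac &&` guard that the `isdigit(**av)` branch has, so `ipfw table` with no further argument now hands `*av` to `_substrcmp` while `ac` is 0 instead of reaching `errx(EX_USAGE, "table number required")`. Suggest `else if (ac && _substrcmp(*av, "all") == 0)`. Separately, `is_all` is set together with `ent.tbl = 0` before the command word is parsed, and only the `list` branch checks `is_all`; the flush branch visible in the next hunk still passes `&ent.tbl` to `IP_FW_TABLE_FLUSH`, so `table all flush` would act on table 0. Rejecting `all` with `errx(EX_USAGE, ...)` for every command other than `list` would close that gap.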
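Review bot: In the ipfw2.c hunk at @@ -5931,33 +5936,48, the `sysctlbyname` failure path calls `errx(1, ...)`, which discards errno and exits with a different code from the `err(EX_OSERR, ...)` calls around it; `err(EX_OSERR, "sysctlbyname(\"%s\")", ...)` would be consistent and tell the user why the lookup failed. Smaller points in the same loop: `b` is `uint32_t` but is printed with `%d` in `printf("---table(%d)---\n", b)`, where `%u` is the matching conversion; `l = sizeof(b)` sets the length for the buffer `&a`, so `sizeof(a)` states what is meant; and `c -= 1` deserves a comment that table numbers run from 0 to tables_max - 1, since the loop bound `b <= c` depends on it.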
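Review bot: In the ipfw.8 hunk at @@ -51,7 +51,9, `all` in `.Brq Ar number | all` is a literal keyword but is placed under `Ar`; mark it as `Cm all`, the way the neighbouring `.Brq Cm pipe | queue` line marks its keywords. The hunk also changes only the synopsis: the meaning of `all`, the `---table(N)---` separator that the listing prints, and the new read-only sysctl `net.inet.ip.fw.tables_max` are not described in any of the visible man page changes and should be added to the table and sysctl sections.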