From: Julian Elischer
Date: Thu, 30 Mar 2006 16:40:54 -0800
To: Mikhail Teterin
Cc: rizzo@icir.org, net@freebsd.org, ugen@worldbank.org, archie@dellroad.org, ugen@netvision.net.il
Subject: Re: Is there an API for ipfw?

Mikhail Teterin wrote:

>Hi!
>
>I'm writing an application that needs to be able to quickly alter the
>bandwidth between another machine and the host.
>
>The only way I can do that -- without another machine's cooperation -- is by
>using the firewall, such as the dummynet functionality of ipfw.
>
>Is there any way to create/alter such a pipe from a C-program without using
>system("ipfw ....")?
>
>If not ipfw, perhaps, other firewall modules in FreeBSD-6.x?
>
>Thanks a lot!
>
> -mi

I use popen("ipfw -q /dev/stdin", "w");

That way you only run it once and it is always ready and waiting to get the next command. The downside is that you need to keep track of what rules you have, because if you try to delete a rule that does not exist, then ipfw will quit. For this reason I put the write() in a loop that re-opens the pipe if ipfw dies, and I only try to delete rules that I know I put in.

I also made a small change to ipfw (in -current) that makes it not quit when table entries are added where they already exist and when you try to delete a nonexistent table entry (but only in -q mode).

It would be really cool to have an ipfw library that ipfw called and could be imported into other programs (with python, tcl and perl bindings (ok, ruby too)). One for the "ideas" list, I guess.