Date: Sun, 30 Jun 2002 14:19:03 +0200
From: Abraham van der Merwe <abz@frogfoot.net>
To: FreeBSD Hacking <freebsd-hackers@freebsd.org>
Subject: ipfirewall(4) problems
Message-ID: <20020630121903.GA17612@oasis.frogfoot.net>

Hi!

I'm trying to add/remove/show ipfw rules in a C program. However, I'm struggling.

First off, the ipfirewall(4) man pages made me think that you'd do a getsockopt() for each rule, starting with fw_number=0 with optlen=sizeof(struct ip_fw), but ipfw2.c and ipfw.c from the ipfw source code speak otherwise. According to that, getsockopt IP_FW_GET will return the data for all the rules, returning the len of all these rules if you didn't specify a valid length.

So, I tried this. Here is the small code snippet:

------------< snip <------< snip <------< snip <------------
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>		/* IPPROTO_IP, IPPROTO_RAW, IP_FW_GET (FreeBSD) */

static int ipfw_show (int fd)
{
	char buf[1024];
	socklen_t len;

	/* deliberately too small: the hope is to get the needed length back */
	len = 1;

	printf ("len: %u\n",len);

	if (getsockopt (fd,IPPROTO_IP,IP_FW_GET,buf,&len) < 0) {
		perror ("getsockopt IP_FW_GET");
		return (-1);
	}

	printf ("len: %u\n",len);

	return (0);
}

int main (int argc,char *argv[])
{
	int fd;

	/* the ipfw socket options need a raw socket, hence root */
	if ((fd = socket (PF_INET,SOCK_RAW,IPPROTO_RAW)) < 0) {
		perror ("socket");
		exit (EXIT_FAILURE);
	}

	if (ipfw_show (fd) < 0) {
		close (fd);
		exit (EXIT_FAILURE);
	}

	close (fd);

	exit (EXIT_SUCCESS);
}
------------< snip <------< snip <------< snip <------------

Which gives some interesting results:

------------< snip <------< snip <------< snip <------------
root@pris:~/tinysnmp/tinysnmp-0.2.2/EXP# ./ipfw_show
len: 1
len: 1
------------< snip <------< snip <------< snip <------------

Surely getsockopt() should've returned a buffer length? Is this a bug or am I missing something?

PS: It would also be great if someone could update the man page to actually reflect the real interface. The man page I have dates back to June 1997.

-- 
Regards
 Abraham

What awful irony is this? We are as gods, but know it not.

___________________________________________________
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net
 Email: abz@frogfoot.net
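
Added example, not part of the original message and not code from the ipfw sources: one way to fetch a rule set whose size is not known in advance is to offer a buffer, and retry with a larger one for as long as the call fills it completely. The mock getter, its 700-byte rule set and the names get_fn and fetch_all are constructed for illustration; the mock assumes the call copies out at most the offered length, which is consistent with the "len: 1 / len: 1" output above.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>		/* socklen_t */

/* Hypothetical callback with the buf/len part of getsockopt(2)'s shape.
 * On FreeBSD it would wrap getsockopt(fd, IPPROTO_IP, IP_FW_GET, buf, len). */
typedef int (*get_fn)(void *buf, socklen_t *len);

/* Constructed stand-in for the kernel side: it holds MOCK_RULESET bytes of
 * "rules", copies out at most *len of them and reports how many it copied
 * (assumed behaviour, see lead-in). */
#define MOCK_RULESET 700
static int mock_calls;

static int mock_get(void *buf, socklen_t *len)
{
	socklen_t n = *len < MOCK_RULESET ? *len : MOCK_RULESET;

	mock_calls++;
	memset(buf, 0xAB, n);
	*len = n;
	return 0;
}

/* Grow the buffer until the call returns fewer bytes than were offered;
 * only then is the reply known to be complete rather than truncated.
 * Returns malloc'd data (caller frees) and its size in *out_len,
 * or NULL on allocation or getter failure. */
static void *fetch_all(get_fn get, size_t start, size_t *out_len)
{
	size_t nalloc = start;
	socklen_t nbytes = (socklen_t)nalloc;
	void *data = NULL, *tmp;

	while (nbytes >= nalloc) {
		nalloc = nalloc * 2 + 200;
		nbytes = (socklen_t)nalloc;
		if ((tmp = realloc(data, nalloc)) == NULL || get(tmp, &nbytes) < 0) {
			free(tmp ? tmp : data);
			return NULL;
		}
		data = tmp;
	}
	*out_len = nbytes;
	return data;
}
```

Starting from 1 byte, the loop offers 202, then 604, then 1408 bytes; the third reply (700 bytes) is shorter than the buffer, so it is taken as the full rule set.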