Delivered-To: freebsd-hackers@freebsd.org
Date: Sun, 30 Jun 2002 14:19:03 +0200
From: Abraham van der Merwe
To: FreeBSD Hacking
Subject: ipfirewall(4) problems
Message-ID: <20020630121903.GA17612@oasis.frogfoot.net>

Hi!

I'm trying to add/remove/show ipfw rules in a C program. However, I'm
struggling.

First off, the ipfirewall(4) man pages made me think that you'd do a
getsockopt() for each rule, starting with fw_number=0 with
optlen=sizeof(struct ip_fw), but ipfw2.c and ipfw.c from the ipfw source
code say otherwise. According to that, getsockopt IP_FW_GET will return the
data for all the rules, returning the len of all these rules if you didn't
specify a valid length.

So, I tried this. Here is the small code snippet:

------------< snip <------< snip <------< snip <------------
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip_fw.h>   /* IP_FW_GET */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

static int ipfw_show (int fd)
{
    char buf[1024];
    socklen_t len;

    /* pass a length of 1 on purpose and print what comes back */
    len = 1;
    printf ("len: %u\n",len);
    if (getsockopt (fd,IPPROTO_IP,IP_FW_GET,buf,&len) < 0) {
        perror ("getsockopt IP_FW_GET");
        return (-1);
    }
    printf ("len: %u\n",len);

    return (0);
}

int main (int argc,char *argv[])
{
    int fd;

    /* the ipfw socket options are issued on a raw IP socket (needs root) */
    if ((fd = socket (PF_INET,SOCK_RAW,IPPROTO_RAW)) < 0) {
        perror ("socket");
        exit (EXIT_FAILURE);
    }
    if (ipfw_show (fd) < 0) {
        close (fd);
        exit (EXIT_FAILURE);
    }
    close (fd);
    exit (EXIT_SUCCESS);
}
------------< snip <------< snip <------< snip <------------

Which gives some interesting results:

------------< snip <------< snip <------< snip <------------
root@pris:~/tinysnmp/tinysnmp-0.2.2/EXP# ./ipfw_show
len: 1
len: 1
------------< snip <------< snip <------< snip <------------

Surely getsockopt() should've returned a buffer length? Is this a bug or am
I missing something?

PS: It would also be great if someone could update the man page to actually
reflect the real interface. The man page I have dates back to June 1997.

-- 
Regards
 Abraham

What awful irony is this? We are as gods, but know it not.

___________________________________________________
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net
 Email: abz@frogfoot.net
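
As an added example (not the poster's code and not taken from ipfw.c), here is one way to read a variable-length socket option when the call reports only the number of bytes it copied: treat a completely filled buffer as possibly truncated, grow it, and retry. It assumes, from the `len: 1` output above, that the copy-out is cut to the caller's length; `opt_get_fn`, `fake_get` and `read_whole_option` are hypothetical names, and the 2500-byte table is constructed so the block runs without a FreeBSD kernel.

```c
/* Added example, not from the original post: grow-and-retry read of a
 * variable-length socket option such as IP_FW_GET. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical callback with the contract of
 * getsockopt(fd, IPPROTO_IP, IP_FW_GET, buf, len). */
typedef int (*opt_get_fn)(int fd, void *buf, socklen_t *len);

/* Constructed stand-in for the kernel: a 2500-byte rule table, copied out
 * truncated to the caller's length (assumed from "len: 1" -> "len: 1"). */
#define FAKE_RULES_LEN 2500
static int fake_get(int fd, void *buf, socklen_t *len)
{
    (void)fd;
    if (*len > FAKE_RULES_LEN) *len = FAKE_RULES_LEN;
    memset(buf, 0xAB, *len);
    return 0;
}

/* Returns a malloc'd copy of the whole value (size in *out_len), NULL on error. */
static void *read_whole_option(opt_get_fn get, int fd, socklen_t *out_len)
{
    socklen_t cap = 1024, got;
    void *buf = NULL, *tmp;
    for (;;) {
        if ((tmp = realloc(buf, cap)) == NULL) { free(buf); return NULL; }
        buf = tmp;
        got = cap;
        if (get(fd, buf, &got) < 0) { free(buf); return NULL; }
        if (got < cap) break;       /* room to spare: nothing was cut off */
        if (cap >= (1u << 24)) { free(buf); return NULL; } /* stop growing */
        cap *= 2;                   /* buffer filled exactly: assume truncation */
    }
    *out_len = got;
    return buf;
}

int main(void)
{
    socklen_t len = 0;
    void *rules = read_whole_option(fake_get, -1, &len);
    if (rules == NULL) return EXIT_FAILURE;
    printf("len: %u\n", (unsigned)len);
    free(rules);
    return EXIT_SUCCESS;
}
```

On FreeBSD the callback would wrap `getsockopt(fd, IPPROTO_IP, IP_FW_GET, buf, len)` on the raw socket opened in the post.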