From owner-freebsd-net@FreeBSD.ORG Mon Sep 1 09:38:57 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB8AC106564A; Mon, 1 Sep 2008 09:38:57 +0000 (UTC) (envelope-from ganbold@micom.mng.net) Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88]) by mx1.freebsd.org (Postfix) with ESMTP id 839208FC1F; Mon, 1 Sep 2008 09:38:57 +0000 (UTC) (envelope-from ganbold@micom.mng.net) Received: from [202.179.0.164] (helo=daemon.micom.mng.net) by publicd.ub.mng.net with esmtpa (Exim 4.69 (FreeBSD)) (envelope-from ) id 1Ka5s0-000MNq-4E; Mon, 01 Sep 2008 17:38:48 +0800 Message-ID: <48BBB82C.3050008@micom.mng.net> Date: Mon, 01 Sep 2008 17:38:52 +0800 From: Ganbold User-Agent: Thunderbird 2.0.0.12 (X11/20080415) MIME-Version: 1.0 To: "Andrey V. Elsukov" References: <48BB6B95.4010103@micom.mng.net> <48BBB1F1.2090302@yandex.ru> In-Reply-To: <48BBB1F1.2090302@yandex.ru> X-Enigmail-Version: 0.95.6 OpenPGP: id=78F6425E Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: "freebsd-net@freebsd.org" , Gleb Smirnoff , rizzo@iet.unipi.it, Julian Elischer Subject: Re: IPFW_TABLES_MAX in src/sbin/ipfw/ipfw2.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Sep 2008 09:38:58 -0000 Andrey V. Elsukov wrote: > Ganbold wrote: >> Hi, >> >> Sorry for sending this third time (2 to freebsd-ipfw, 1 to freebsd-net). >> >> I'm trying to make small changes in ipfw2.c code (RELENG_7), but make >> fails with following error: >> >> v02# make >> cc -O2 -fno-strict-aliasing -pipe -Wno-pointer-sign -c >> /usr/src/sbin/ipfw/ipfw2.c >> /usr/src/sbin/ipfw/ipfw2.c: In function 'table_handler': >> /usr/src/sbin/ipfw/ipfw2.c:5941: error: 'IPFW_TABLES_MAX' undeclared >> (first use in this function) >> /usr/src/sbin/ipfw/ipfw2.c:5941: error: (Each undeclared identifier is >> reported only once >> /usr/src/sbin/ipfw/ipfw2.c:5941: error: for each function it appears >> in.) >> *** Error code 1 >> >> IPFW_TABLES_MAX seems like defined in netinet/ip_fw.h, which is included >> in ipfw2.c: >> > > IPFW_TABLES_MAX protected by _KERNEL macro. This is why you get > an error. Yeah, my fault, I was looking around IPFW_INTERNAL and missed _KERNEL macro. I defined new sysctl variable in netinet/ip_fw2.c and now I'm able to get IPFW_TABLES_MAX via sysctl from /sbin/ipfw. Is it the way I should get constant protected by _KERNEL? Also should I PR my patch? Anyway here is the diff against RELENG_7. Please let me know if I'm doing something wrong here. ------------------------------------------------------------------- --- ip_fw2.c.orig 2008-09-01 17:31:57.000000000 +0800 +++ ip_fw2.c 2008-09-01 16:54:30.000000000 +0800 @@ -255,6 +255,8 @@ static u_int32_t dyn_count; /* # of dynamic rules */ static u_int32_t dyn_max = 4096; /* max # of dynamic rules */ +static u_int32_t tables_count = IPFW_TABLES_MAX; /* # of tables */ + SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, &dyn_buckets, 0, "Number of dyn. buckets"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD, @@ -265,6 +267,8 @@ &dyn_max, 0, "Max number of dyn. rules"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, static_count, CTLFLAG_RD, &static_count, 0, "Number of static rules"); +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, tables_count, CTLFLAG_RD, + &tables_count, 0, "Number of tables"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, CTLFLAG_RW, &dyn_ack_lifetime, 0, "Lifetime of dyn. rules for acks"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, CTLFLAG_RW, ------------------------------------------------------------------- --- /usr/src/sbin/ipfw/ipfw2.c 2008-07-31 09:39:59.000000000 +0800 +++ ipfw2.c 2008-09-01 16:46:08.000000000 +0800 @@ -5860,24 +5860,30 @@ * ipfw table N add addr[/masklen] [value] * ipfw table N delete addr[/masklen] * ipfw table N flush - * ipfw table N list + * ipfw table N|all list */ static void table_handler(int ac, char *av[]) { ipfw_table_entry ent; ipfw_table *tbl; - int do_add; + int do_add, is_all = 0; char *p; socklen_t l; - uint32_t a; + uint32_t a, b, c; + size_t len; ac--; av++; if (ac && isdigit(**av)) { ent.tbl = atoi(*av); ac--; av++; + } else if (_substrcmp(*av, "all") == 0) { + ent.tbl = 0; + is_all = 1; + ac--; av++; } else errx(EX_USAGE, "table number required"); + NEED1("table needs command"); if (_substrcmp(*av, "add") == 0 || _substrcmp(*av, "delete") == 0) { @@ -5931,33 +5937,55 @@ if (do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) < 0) err(EX_OSERR, "setsockopt(IP_FW_TABLE_FLUSH)"); } else if (_substrcmp(*av, "list") == 0) { - a = ent.tbl; - l = sizeof(a); - if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0) - err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)"); - l = sizeof(*tbl) + a * sizeof(ipfw_table_entry); - tbl = malloc(l); - if (tbl == NULL) - err(EX_OSERR, "malloc"); - tbl->tbl = ent.tbl; - if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0) - err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)"); - for (a = 0; a < tbl->cnt; a++) { - unsigned int tval; - tval = tbl->ent[a].value; - if (do_value_as_ip) { - char tbuf[128]; - strncpy(tbuf, inet_ntoa(*(struct in_addr *) - &tbl->ent[a].addr), 127); - /* inet_ntoa expects network order */ - tval = htonl(tval); - printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen, - inet_ntoa(*(struct in_addr *)&tval)); - } else { - printf("%s/%u %u\n", - inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), - tbl->ent[a].masklen, tval); + c = ent.tbl; + + if (is_all) { + len = sizeof(uint32_t); + + /* get IPFW_TABLES_MAX */ + if (sysctlbyname("net.inet.ip.fw.tables_count", + &c, &len, NULL, 0) == -1) + errx(1, "sysctlbyname(\"%s\")", + "net.inet.ip.fw.tables_count"); + + c -= 1; + } + + for (b = ent.tbl; b <= c; b++) { + a = b; + l = sizeof(b); + + if (do_cmd(IP_FW_TABLE_GETSIZE, &a, (uintptr_t)&l) < 0) + err(EX_OSERR, "getsockopt(IP_FW_TABLE_GETSIZE)"); + l = sizeof(*tbl) + a * sizeof(ipfw_table_entry); + tbl = malloc(l); + if (tbl == NULL) + err(EX_OSERR, "malloc"); + tbl->tbl = b; + if (do_cmd(IP_FW_TABLE_LIST, tbl, (uintptr_t)&l) < 0) + err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)"); + + if (tbl->cnt && is_all) + printf("---table(%d)---\n", b); + + for (a = 0; a < tbl->cnt; a++) { + unsigned int tval; + tval = tbl->ent[a].value; + if (do_value_as_ip) { + char tbuf[128]; + strncpy(tbuf, inet_ntoa(*(struct in_addr *) + &tbl->ent[a].addr), 127); + /* inet_ntoa expects network order */ + tval = htonl(tval); + printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen, + inet_ntoa(*(struct in_addr *)&tval)); + } else { + printf("%s/%u %u\n", + inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), + tbl->ent[a].masklen, tval); + } } + free(tbl); } } else errx(EX_USAGE, "invalid table command %s", *av); thanks, Ganbold -- Life is a grand adventure -- or it is nothing. -- Helen Keller