Date: Fri, 26 May 2000 14:00:05 +0200 (CEST)
From: alex@big.endian.de
To: FreeBSD-gnats-submit@freebsd.org
Cc: billf@freebsd.org
Subject: kern/18830: add IP_FW_GETRULE to ipfw, in order to get single rules
Message-ID: <200005261200.OAA07787@cichlids.cichlids.com>
>Number: 18830
>Category: kern
>Synopsis: add IP_FW_GETRULE to ipfw, in order to get single rules
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri May 26 05:10:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Alexander Langer
>Release: FreeBSD 5.0-CURRENT i386
>Organization: none
>Environment:
>Description:
While IP_FW_GET gets the complete chain, which is complete overhead for some stuff, IP_FW_GETRULE gets only a single rule. That makes stuff much easier. In fact, on billf's and ps's request I have implemented ipfw move and ipfw swap in order to move/swap rules. These use IP_FW_GETRULE:

root:~ $ ipfw show 200 ; ipfw move 200 300 ; ipfw show 300
00200 16 3217 allow tcp from any to any
00200 allow tcp from any to any
00300 0 0 allow tcp from any to any
>How-To-Repeat:
>Fix:
cvs diff: Diffing . Index: in.h =================================================================== RCS file: /home/ncvs/src/sys/netinet/in.h,v retrieving revision 1.49 diff -u -r1.49 in.h --- in.h 2000/05/06 18:19:58 1.49 +++ in.h 2000/05/25 19:48:11 @@ -337,6 +337,7 @@ #define IP_FW_ZERO 53 /* clear single/all firewall counter(s) */ #define IP_FW_GET 54 /* get entire firewall rule chain */ #define IP_FW_RESETLOG 55 /* reset logging counters */ +#define IP_FW_GETRULE 56 /* get a single rule */ #define IP_DUMMYNET_CONFIGURE 60 /* add/configure a dummynet pipe */ #define IP_DUMMYNET_DEL 61 /* delete a dummynet pipe from chain */ Index: ip_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.135 diff -u -r1.135 ip_fw.c --- ip_fw.c 2000/05/23 20:38:16 1.135 +++ ip_fw.c 2000/05/26 11:52:34 
@@ -1818,6 +1818,23 @@ } break; + case IP_FW_GETRULE: + error = sooptcopyin(sopt, &frwl, sizeof frwl, sizeof frwl); + if (error) + break; + for (fcp = LIST_FIRST(&ip_fw_chain); + fcp && fcp->rule && fcp->rule->fw_number != frwl.fw_number; + fcp = LIST_NEXT(fcp, chain)) + ; /* nothing */ + + if (!(fcp || fcp->rule)) { + error = EINVAL; + break; + } + memcpy(&frwl, fcp->rule, sizeof frwl); + error = sooptcopyout(sopt, &frwl, sizeof frwl); + break; + default: printf("ip_fw_ctl invalid option %d\n", sopt->sopt_name); error = EINVAL ; Index: raw_ip.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.64 diff -u -r1.64 raw_ip.c --- raw_ip.c 1999/12/22 19:13:23 1.64 +++ raw_ip.c 2000/05/25 20:29:13 @@ -261,6 +261,7 @@ break; case IP_FW_GET: + case IP_FW_GETRULE: if (ip_fw_ctl_ptr == 0) error = ENOPROTOOPT; else >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
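Review bot: In the ip_fw.c hunk, the not-found test `if (!(fcp || fcp->rule))` is inverted and dereferences a null pointer. When the loop runs off the end of ip_fw_chain because no rule has the requested fw_number, fcp is NULL, so the `||` goes on to evaluate `fcp->rule` and the kernel reads through NULL instead of returning EINVAL. When fcp is non-NULL the test short-circuits to "found" even if the loop stopped because `fcp->rule` was NULL, and the following `memcpy(&frwl, fcp->rule, sizeof frwl)` then copies from a NULL source. The rule number comes straight from the caller's buffer via sooptcopyin, so a request for a nonexistent rule is enough to hit the first case. Suggest `if (fcp == NULL || fcp->rule == NULL)` before setting EINVAL.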