Date:      Wed, 28 Sep 2005 11:04:11 +0400
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        ipfw@freebsd.org, hackers@freebsd.org
Subject:   nonprivileged access to ipfw
Message-ID:  <433A406B.3000300@yandex.ru>

Hi All!

I want nonprivileged access to ipfw (without sudo, suid, etc.).
But RAW sockets restrict this. I have one idea - a pseudo device
/dev/ipfw. I think that the realisation of this feature is not
a difficult task. Now I have some questions.
1. Am I thinking correctly about the following?
* adding cdevsw declaration with ipfw_ioctl implementation;
* adding make_dev into ipfw initialization function (on MOD_LOAD event);
* adding destroy_dev (on MOD_UNLOAD);
* adding the needed functionality into /sbin/ipfw.

2. About ipfw_ioctl implementation:
I can pack the ioctl params into a sockopt structure and directly call
the ipfw_ctl function. Is that OK?

3. About ioctl requests - What symbol should I place into the definition of
an ioctl request? On what does it depend? For example:
#define DIOCCLRSTATES   _IOWR('D', 18, struct pfioc_state_kill)
 >>-----------------------------^

4. Can I define only two ioctl requests, for example:
IPFWIOCSCMD	_IOW('x', 0, struct sockopt_like_struct)
IPFWIOCGCMD	_IOR('x', 1, struct sockopt_like_struct)

and pass IP_FW_XXX sockoptions in a sockopt_like_struct member,
or should I define two definitions (set/get) for each IP_FW_XXX option?


Thanks and sorry for my English :(
-- 
WBR, Andrey V. Elsukov
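
An added illustration for questions 3 and 4 above, not part of the original e-mail or of FreeBSD's code: it re-implements the BSD ioctl request layout locally to show which bits the group character, command number, parameter length and direction occupy, then gates the two multiplexed requests so a "get" cannot carry a state-changing sub-option. The `X_` macros, `struct ipfw_ioc_arg`, the `OPT_*` values and `ipfw_ioc_check` are hypothetical names constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BSD-style ioctl request layout, re-implemented locally so it builds on any
 * host: direction in the top bits, 13-bit length, 8-bit group, 8-bit number. */
#define X_IOCPARM_MASK 0x1fffu
#define X_IOC_OUT 0x40000000u /* kernel copies parameters out to the caller */
#define X_IOC_IN  0x80000000u /* kernel copies parameters in from the caller */
#define X_IOC(dir, g, n, len) \
    ((uint32_t)((dir) | (((len) & X_IOCPARM_MASK) << 16) | ((uint32_t)(g) << 8) | (n)))

/* Hypothetical stand-in for the e-mail's "sockopt_like_struct". */
struct ipfw_ioc_arg { int32_t opt; uint32_t len; uint64_t buf; };
#define X_IPFWIOCSCMD X_IOC(X_IOC_IN,  'x', 0, sizeof(struct ipfw_ioc_arg))
#define X_IPFWIOCGCMD X_IOC(X_IOC_OUT, 'x', 1, sizeof(struct ipfw_ioc_arg))

/* Constructed sub-option numbers standing in for the IP_FW_XXX values. */
enum { OPT_ADD = 1, OPT_DEL = 2, OPT_FLUSH = 3, OPT_GET = 4 };

struct ioc_fields { char group; unsigned num; unsigned len; int in; int out; };

/* Split a request code back into its fields. */
struct ioc_fields ioc_decode(uint32_t req) {
    struct ioc_fields f;
    f.group = (char)((req >> 8) & 0xff);
    f.num = req & 0xff;
    f.len = (req >> 16) & X_IOCPARM_MASK;
    f.in = (req & X_IOC_IN) != 0;
    f.out = (req & X_IOC_OUT) != 0;
    return f;
}

/* Gate a multiplexed request: 0 = allowed, -1 = refused. can_write says
 * whether the descriptor was opened for writing (assumed policy). */
int ipfw_ioc_check(uint32_t req, const struct ipfw_ioc_arg *a, int can_write) {
    if (req == X_IPFWIOCGCMD)
        return a->opt == OPT_GET ? 0 : -1; /* read path: read-only option only */
    if (req == X_IPFWIOCSCMD && can_write)
        return (a->opt >= OPT_ADD && a->opt <= OPT_FLUSH) ? 0 : -1;
    return -1; /* unknown request, or a set on a read-only descriptor */
}

int main(void) {
    struct ioc_fields f = ioc_decode(X_IPFWIOCSCMD);
    printf("0x%08x group=%c num=%u len=%u in=%d out=%d\n",
           (unsigned)X_IPFWIOCSCMD, f.group, f.num, f.len, f.in, f.out);
    return 0;
}
```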
