Attachment #182323 for bug #218433

Lines 184-189 Link Here

(-)etc/defaults/rc.conf (+4 lines)
184	ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see	184	ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
185	# /usr/src/contrib/ipfilter/rules for examples	185	# /usr/src/contrib/ipfilter/rules for examples
186	ipfilter_flags="" # additional flags for ipfilter	186	ipfilter_flags="" # additional flags for ipfilter
		187	ippool_enable="NO" # Set to YES to enable ip filter pools
		188	ippool_program="/sbin/ippool" # where the ippool program lives
		189	ippool_rules="/etc/ippool.tables" # rules definition file for ippool
		190	ippool_flags="" # additional flags for ippool
187	ipnat_enable="NO" # Set to YES to enable ipnat functionality	191	ipnat_enable="NO" # Set to YES to enable ipnat functionality
188	ipnat_program="/sbin/ipnat" # where the ipnat program lives	192	ipnat_program="/sbin/ipnat" # where the ipnat program lives
189	ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat	193	ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat




#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipnat 298514 2016-04-23 16:10:54Z lme $
#

# PROVIDE: ippool
# REQUIRE: FILESYSTEMS
# BEFORE:  ipfilter
# KEYWORD: nojail

. /etc/rc.subr

name="ippool"
desc="user interface to the IPFilter pools"
rcvar="ippool_enable"
load_rc_config $name
start_cmd="ippool_start"
stop_cmd="${ippool_program} -F"
reload_cmd="ippool_reload"
extra_commands="reload"
required_files="${ippool_rules}"
required_modules="ipl:ipfilter"

ippool_start()
{
	if [ -r "${ippool_rules}" ]; then
		echo "Loading IP Pools."
		${ippool_program} -f ${ippool_rules} ${ippool_flags}
	fi
}

ippool_reload()
{
	echo "Reloading IP Pools."
	${ippool_program} -F
	ippool_start
}


run_rc_command "$1"




-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]
.br
.B ippool
-f <file> [-dnuvR]
.br
.B ippool
-F [-dv] [-o <role>] [-t <type>]

-r [-dnv] [-m <name>] [-o <role>] [-t <type>] -i <ipaddr>[/<netmask>]
.br
.B ippool
-R [-dnv] [-m <name>] [-o <role>] -t <type>
.br
.B ippool
-s [-dtv] [-M <core>] [-N <namelist>]

.B -u
When parsing a configuration file, rather than load new pool data into the
kernel, unload it.
.TP
.SH FILES
.br
/dev/iplookup




	fprintf(stderr, "Usage:\t%s\n", prog);
	fprintf(stderr, "\t-a [-dnv] [-m <name>] [-o <role>] [-t type] [-T ttl] -i <ipaddr>[/netmask]\n");
	fprintf(stderr, "\t-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]\n");
	fprintf(stderr, "\t-f <file> [-dnuvR]\n");
	fprintf(stderr, "\t-F [-dv] [-o <role>] [-t <type>]\n");
	fprintf(stderr, "\t-l [-dv] [-m <name>] [-t <type>] [-O <fields>]\n");
	fprintf(stderr, "\t-r [-dnv] [-m <name>] [-o <role>] [-t type] -i <ipaddr>[/netmask]\n");
	fprintf(stderr, "\t-R [-dnv] [-m <name>] [-o <role>] -t <type>\n");
	fprintf(stderr, "\t-s [-dtv] [-M <core>] [-N <namelist>]\n");
	exit(1);
}


	assigndefined(getenv("IPPOOL_PREDEFINED"));

	switch (getopt(argc, argv, "aAf:FlrRs"))
	{
	case 'a' :
		err = poolnodecommand(0, argc, argv);

	case 'l' :
		err = poollist(argc, argv);
		break;
	case 'n' :
		opts |= OPT_DONOTHING|OPT_DONTOPEN;
		break;
	case 'r' :
		err = poolnodecommand(1, argc, argv);
		break;

	case 's' :
		err = poolstats(argc, argv);
		break;
	case 'v' :
		opts |= OPT_VERBOSE;
		break;
	default :
		exit(1);
	}

	bzero((char *)&pnode, sizeof(pnode));
	bzero((char *)&hnode, sizeof(hnode));

	while ((c = getopt(argc, argv, "di:m:no:Rt:T:v")) != -1) {
		switch (c)
		{
		case 'd' :

			}
			break;
		case 'T' :
			if (remove == 0) {
				ttl = atoi(optarg);
				if (ttl < 0) {
					fprintf(stderr, "cannot set negative ttl\n");
					return -1;
				}
			} else {
				usage(argv[0]);
			}
			break;
		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		default :
			usage(argv[0]);
			break;		/* keep compiler happy */
		}
	}

	if (argc - 1 - optind > 0)
		usage(argv[0]);

	if (argv[optind] != NULL && ipset == 0) {
		if (setnodeaddr(type, role, ptr, argv[optind]) == 0)
			ipset = 1;

	char *argv[];
{
	int type, role, c, err;
	char *poolname, *typearg = NULL;
	iphtable_t iph;
	ip_pool_t pool;


	bzero((char *)&iph, sizeof(iph));
	bzero((char *)&pool, sizeof(pool));

	while ((c = getopt(argc, argv, "dm:no:RSvt:")) != -1)
		switch (c)
		{
		case 'd' :

			opts |= OPT_NORESOLVE;
			break;
		case 'S' :
			if (remove == 0)
				iph.iph_seed = atoi(optarg);
			else
				usage(argv[0]);
			break;
		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		case 't' :
			type = gettype(optarg, &iph.iph_type);
			typearg = optarg;
			break;
		default :
			usage(argv[0]);
			break;		/* keep compiler happy */
		}

	if (argc - 1 - optind > 0)
		usage(argv[0]);

	if (opts & OPT_DEBUG)
		fprintf(stderr, "poolcommand: opts = %#x\n", opts);


		return -1;
	}

	type = gettype(argv[optind], &iph.iph_type);
	if (type == IPLT_NONE) {
		if (typearg == NULL) {
			fprintf(stderr, "type must be specified\n");
			usage(argv[0]);
		} else {
			fprintf(stderr, "unknown type '%s'\n", typearg);
		}
		return -1;
	}


{
	int c;

	infile = optarg;

	while ((c = getopt(argc, argv, "dnRuv")) != -1)
		switch (c)
		{

		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		default :
			usage(argv[0]);
			break;		/* keep compiler happy */
		}

	if (argc - 1 - optind > 0)
		usage(argv[0]);

	if (opts & OPT_DEBUG)
		fprintf(stderr, "loadpoolfile: opts = %#x\n", opts);


		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		default :
			usage(argv[0]);
			break;		/* keep compiler happy */
		}

	if (argc - 1 - optind > 0)
		usage(argv[0]);

	if (opts & OPT_DEBUG)
		fprintf(stderr, "poolstats: opts = %#x\n", opts);


		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		default :
			usage(argv[0]);
			break;		/* keep compiler happy */
		}

	if (argc - 1 - optind > 0)
		usage(argv[0]);

	if (opts & OPT_DEBUG)
		fprintf(stderr, "poolflush: opts = %#x\n", opts);


	poolname = NULL;
	role = IPL_LOGALL;

	while ((c = getopt(argc, argv, "dm:M:N:O:o:Rt:v")) != -1)
		switch (c)
		{
		case 'd' :

		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		default :
			usage(argv[0]);
			break;		/* keep compiler happy */
		}

	if (argc - 1 - optind > 0)
		usage(argv[0]);

	if (opts & OPT_DEBUG)
		fprintf(stderr, "poollist: opts = %#x\n", opts);


Return to bug 218433

Line 0 Link Here

(-)etc/rc.d/ippool (+40 lines)
	1	#!/bin/sh
	2	#
	3	# $FreeBSD: head/etc/rc.d/ipnat 298514 2016-04-23 16:10:54Z lme $
	4	#
	5
	6	# PROVIDE: ippool
	7	# REQUIRE: FILESYSTEMS
	8	# BEFORE: ipfilter
	9	# KEYWORD: nojail
	10
	11	. /etc/rc.subr
	12
	13	name="ippool"
	14	desc="user interface to the IPFilter pools"
	15	rcvar="ippool_enable"
	16	load_rc_config $name
	17	start_cmd="ippool_start"
	18	stop_cmd="${ippool_program} -F"
	19	reload_cmd="ippool_reload"
	20	extra_commands="reload"
	21	required_files="${ippool_rules}"
	22	required_modules="ipl:ipfilter"
	23
	24	ippool_start()
	25	{
	26	if [ -r "${ippool_rules}" ]; then
	27	echo "Loading IP Pools."
	28	${ippool_program} -f ${ippool_rules} ${ippool_flags}
	29	fi
	30	}
	31
	32	ippool_reload()
	33	{
	34	echo "Reloading IP Pools."
	35	${ippool_program} -F
	36	ippool_start
	37	}
	38
	39
	40	run_rc_command "$1"

Lines 12-18 Link Here

(-)contrib/ipfilter/man/ippool.8 (-3 / +3 lines)
12	-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]	12	-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]
13	.br	13	.br
14	.B ippool	14	.B ippool
15	-f <file> [-dnuv]	15	-f <file> [-dnuvR]
16	.br	16	.br
17	.B ippool	17	.B ippool
18	-F [-dv] [-o <role>] [-t <type>]	18	-F [-dv] [-o <role>] [-t <type>]
Lines 24-30 Link Here
24	-r [-dnv] [-m <name>] [-o <role>] [-t <type>] -i <ipaddr>[/<netmask>]	24	-r [-dnv] [-m <name>] [-o <role>] [-t <type>] -i <ipaddr>[/<netmask>]
25	.br	25	.br
26	.B ippool	26	.B ippool
27	-R [-dnv] [-m <name>] [-o <role>] [-t <type>]	27	-R [-dnv] [-m <name>] [-o <role>] -t <type>
28	.br	28	.br
29	.B ippool	29	.B ippool
30	-s [-dtv] [-M <core>] [-N <namelist>]	30	-s [-dtv] [-M <core>] [-N <namelist>]
Lines 123-129 Link Here
123	.B -u	123	.B -u
124	When parsing a configuration file, rather than load new pool data into the	124	When parsing a configuration file, rather than load new pool data into the
125	kernel, unload it.	125	kernel, unload it.
126	.DT	126	.TP
127	.SH FILES	127	.SH FILES
128	.br	128	.br
129	/dev/iplookup	129	/dev/iplookup

Lines 77-87 Link Here

(-)contrib/ipfilter/tools/ippool.c (-22 / +66 lines)
77	fprintf(stderr, "Usage:\t%s\n", prog);	77	fprintf(stderr, "Usage:\t%s\n", prog);
78	fprintf(stderr, "\t-a [-dnv] [-m <name>] [-o <role>] [-t type] [-T ttl] -i <ipaddr>[/netmask]\n");	78	fprintf(stderr, "\t-a [-dnv] [-m <name>] [-o <role>] [-t type] [-T ttl] -i <ipaddr>[/netmask]\n");
79	fprintf(stderr, "\t-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]\n");	79	fprintf(stderr, "\t-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]\n");
80	fprintf(stderr, "\t-f <file> [-dnuv]\n");	80	fprintf(stderr, "\t-f <file> [-dnuvR]\n");
81	fprintf(stderr, "\t-F [-dv] [-o <role>] [-t <type>]\n");	81	fprintf(stderr, "\t-F [-dv] [-o <role>] [-t <type>]\n");
82	fprintf(stderr, "\t-l [-dv] [-m <name>] [-t <type>] [-O <fields>]\n");	82	fprintf(stderr, "\t-l [-dv] [-m <name>] [-t <type>] [-O <fields>]\n");
83	fprintf(stderr, "\t-r [-dnv] [-m <name>] [-o <role>] [-t type] -i <ipaddr>[/netmask]\n");	83	fprintf(stderr, "\t-r [-dnv] [-m <name>] [-o <role>] [-t type] -i <ipaddr>[/netmask]\n");
84	fprintf(stderr, "\t-R [-dnv] [-m <name>] [-o <role>] [-t <type>]\n");	84	fprintf(stderr, "\t-R [-dnv] [-m <name>] [-o <role>] -t <type>\n");
85	fprintf(stderr, "\t-s [-dtv] [-M <core>] [-N <namelist>]\n");	85	fprintf(stderr, "\t-s [-dtv] [-M <core>] [-N <namelist>]\n");
86	exit(1);	86	exit(1);
87	}	87	}
Lines 99-105 Link Here
99		99
100	assigndefined(getenv("IPPOOL_PREDEFINED"));	100	assigndefined(getenv("IPPOOL_PREDEFINED"));
101		101
102	switch (getopt(argc, argv, "aAf:FlnrRsv"))	102	switch (getopt(argc, argv, "aAf:FlrRs"))
103	{	103	{
104	case 'a' :	104	case 'a' :
105	err = poolnodecommand(0, argc, argv);	105	err = poolnodecommand(0, argc, argv);
Lines 116-124 Link Here
116	case 'l' :	116	case 'l' :
117	err = poollist(argc, argv);	117	err = poollist(argc, argv);
118	break;	118	break;
119	case 'n' :
120	opts \|= OPT_DONOTHING\|OPT_DONTOPEN;
121	break;
122	case 'r' :	119	case 'r' :
123	err = poolnodecommand(1, argc, argv);	120	err = poolnodecommand(1, argc, argv);
124	break;	121	break;
Lines 128-136 Link Here
128	case 's' :	125	case 's' :
129	err = poolstats(argc, argv);	126	err = poolstats(argc, argv);
130	break;	127	break;
131	case 'v' :
132	opts \|= OPT_VERBOSE;
133	break;
134	default :	128	default :
135	exit(1);	129	exit(1);
136	}	130	}
Lines 157-163 Link Here
157	bzero((char *)&pnode, sizeof(pnode));	151	bzero((char *)&pnode, sizeof(pnode));
158	bzero((char *)&hnode, sizeof(hnode));	152	bzero((char *)&hnode, sizeof(hnode));
159		153
160	while ((c = getopt(argc, argv, "di:m:no:Rt:T:v")) != -1)	154	while ((c = getopt(argc, argv, "di:m:no:Rt:T:v")) != -1) {
161	switch (c)	155	switch (c)
162	{	156	{
163	case 'd' :	157	case 'd' :
Lines 207-223 Link Here
207	}	201	}
208	break;	202	break;
209	case 'T' :	203	case 'T' :
210	ttl = atoi(optarg);	204	if (remove == 0) {
211	if (ttl < 0) {	205	ttl = atoi(optarg);
212	fprintf(stderr, "cannot set negative ttl\n");	206	if (ttl < 0) {
213	return -1;	207	fprintf(stderr, "cannot set negative ttl\n");
		208	return -1;
		209	}
		210	} else {
		211	usage(argv[0]);
214	}	212	}
215	break;	213	break;
216	case 'v' :	214	case 'v' :
217	opts \|= OPT_VERBOSE;	215	opts \|= OPT_VERBOSE;
218	break;	216	break;
		217	default :
		218	usage(argv[0]);
		219	break; /* keep compiler happy */
219	}	220	}
		221	}
220		222
		223	if (argc - 1 - optind > 0)
		224	usage(argv[0]);
		225
221	if (argv[optind] != NULL && ipset == 0) {	226	if (argv[optind] != NULL && ipset == 0) {
222	if (setnodeaddr(type, role, ptr, argv[optind]) == 0)	227	if (setnodeaddr(type, role, ptr, argv[optind]) == 0)
223	ipset = 1;	228	ipset = 1;
Lines 262-268 Link Here
262	char *argv[];	267	char *argv[];
263	{	268	{
264	int type, role, c, err;	269	int type, role, c, err;
265	char *poolname;	270	char poolname, typearg = NULL;
266	iphtable_t iph;	271	iphtable_t iph;
267	ip_pool_t pool;	272	ip_pool_t pool;
268		273
Lines 274-280 Link Here
274	bzero((char *)&iph, sizeof(iph));	279	bzero((char *)&iph, sizeof(iph));
275	bzero((char *)&pool, sizeof(pool));	280	bzero((char *)&pool, sizeof(pool));
276		281
277	while ((c = getopt(argc, argv, "dm:no:RSv")) != -1)	282	while ((c = getopt(argc, argv, "dm:no:RSvt:")) != -1)
278	switch (c)	283	switch (c)
279	{	284	{
280	case 'd' :	285	case 'd' :
Lines 298-310 Link Here
298	opts \|= OPT_NORESOLVE;	303	opts \|= OPT_NORESOLVE;
299	break;	304	break;
300	case 'S' :	305	case 'S' :
301	iph.iph_seed = atoi(optarg);	306	if (remove == 0)
		307	iph.iph_seed = atoi(optarg);
		308	else
		309	usage(argv[0]);
302	break;	310	break;
303	case 'v' :	311	case 'v' :
304	opts \|= OPT_VERBOSE;	312	opts \|= OPT_VERBOSE;
305	break;	313	break;
		314	case 't' :
		315	type = gettype(optarg, &iph.iph_type);
		316	typearg = optarg;
		317	break;
		318	default :
		319	usage(argv[0]);
		320	break; /* keep compiler happy */
306	}	321	}
307		322
		323	if (argc - 1 - optind > 0)
		324	usage(argv[0]);
		325
308	if (opts & OPT_DEBUG)	326	if (opts & OPT_DEBUG)
309	fprintf(stderr, "poolcommand: opts = %#x\n", opts);	327	fprintf(stderr, "poolcommand: opts = %#x\n", opts);
310		328
Lines 313-321 Link Here
313	return -1;	331	return -1;
314	}	332	}
315		333
316	type = gettype(argv[optind], &iph.iph_type);
317	if (type == IPLT_NONE) {	334	if (type == IPLT_NONE) {
318	fprintf(stderr, "unknown type '%s'\n", argv[optind]);	335	if (typearg == NULL) {
		336	fprintf(stderr, "type must be specified\n");
		337	usage(argv[0]);
		338	} else {
		339	fprintf(stderr, "unknown type '%s'\n", typearg);
		340	}
319	return -1;	341	return -1;
320	}	342	}
321		343
Lines 361-368 Link Here
361	{	383	{
362	int c;	384	int c;
363		385
364	infile = optarg;
365
366	while ((c = getopt(argc, argv, "dnRuv")) != -1)	386	while ((c = getopt(argc, argv, "dnRuv")) != -1)
367	switch (c)	387	switch (c)
368	{	388	{
Lines 382-389 Link Here
382	case 'v' :	402	case 'v' :
383	opts \|= OPT_VERBOSE;	403	opts \|= OPT_VERBOSE;
384	break;	404	break;
		405	default :
		406	usage(argv[0]);
		407	break; /* keep compiler happy */
385	}	408	}
386		409
		410	if (argc - 1 - optind > 0)
		411	usage(argv[0]);
		412
387	if (opts & OPT_DEBUG)	413	if (opts & OPT_DEBUG)
388	fprintf(stderr, "loadpoolfile: opts = %#x\n", opts);	414	fprintf(stderr, "loadpoolfile: opts = %#x\n", opts);
389		415
Lines 453-460 Link Here
453	case 'v' :	479	case 'v' :
454	opts \|= OPT_VERBOSE;	480	opts \|= OPT_VERBOSE;
455	break;	481	break;
		482	default :
		483	usage(argv[0]);
		484	break; /* keep compiler happy */
456	}	485	}
457		486
		487	if (argc - 1 - optind > 0)
		488	usage(argv[0]);
		489
458	if (opts & OPT_DEBUG)	490	if (opts & OPT_DEBUG)
459	fprintf(stderr, "poolstats: opts = %#x\n", opts);	491	fprintf(stderr, "poolstats: opts = %#x\n", opts);
460		492
Lines 559-566 Link Here
559	case 'v' :	591	case 'v' :
560	opts \|= OPT_VERBOSE;	592	opts \|= OPT_VERBOSE;
561	break;	593	break;
		594	default :
		595	usage(argv[0]);
		596	break; /* keep compiler happy */
562	}	597	}
563		598
		599	if (argc - 1 - optind > 0)
		600	usage(argv[0]);
		601
564	if (opts & OPT_DEBUG)	602	if (opts & OPT_DEBUG)
565	fprintf(stderr, "poolflush: opts = %#x\n", opts);	603	fprintf(stderr, "poolflush: opts = %#x\n", opts);
566		604
Lines 663-669 Link Here
663	poolname = NULL;	701	poolname = NULL;
664	role = IPL_LOGALL;	702	role = IPL_LOGALL;
665		703
666	while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1)	704	while ((c = getopt(argc, argv, "dm:M:N:O:o:Rt:v")) != -1)
667	switch (c)	705	switch (c)
668	{	706	{
669	case 'd' :	707	case 'd' :
Lines 703-710 Link Here
703	case 'v' :	741	case 'v' :
704	opts \|= OPT_VERBOSE;	742	opts \|= OPT_VERBOSE;
705	break;	743	break;
		744	default :
		745	usage(argv[0]);
		746	break; /* keep compiler happy */
706	}	747	}
707		748
		749	if (argc - 1 - optind > 0)
		750	usage(argv[0]);
		751
708	if (opts & OPT_DEBUG)	752	if (opts & OPT_DEBUG)
709	fprintf(stderr, "poollist: opts = %#x\n", opts);	753	fprintf(stderr, "poollist: opts = %#x\n", opts);
710		754