|
Lines 67-72
|
| 67 |
do_pipe, /* this cmd refers to a pipe */ |
67 |
do_pipe, /* this cmd refers to a pipe */ |
| 68 |
do_sort, /* field to sort results (0=no) */ |
68 |
do_sort, /* field to sort results (0=no) */ |
| 69 |
verbose; |
69 |
verbose; |
|
|
70 |
void *rules_backup; /* ruleset backup, if not NULL */ |
| 70 |
|
71 |
|
| 71 |
struct icmpcode { |
72 |
struct icmpcode { |
| 72 |
int code; |
73 |
int code; |
|
Lines 94-99
|
| 94 |
}; |
95 |
}; |
| 95 |
|
96 |
|
| 96 |
static void show_usage(const char *fmt, ...); |
97 |
static void show_usage(const char *fmt, ...); |
|
|
98 |
static void backup_rules(); |
| 99 |
static void restore_rules(); |
| 97 |
|
100 |
|
| 98 |
static int |
101 |
static int |
| 99 |
mask_bits(struct in_addr m_ad) |
102 |
mask_bits(struct in_addr m_ad) |
|
Lines 602-613
|
| 602 |
} |
605 |
} |
| 603 |
|
606 |
|
| 604 |
static void |
607 |
static void |
|
|
608 |
get_rules(data, nbytes) |
| 609 |
void **data; |
| 610 |
int *nbytes; |
| 611 |
{ |
| 612 |
const int unit = do_pipe ? sizeof(struct ip_fw) : sizeof(struct dn_pipe); |
| 613 |
const int ocmd = do_pipe ? IP_DUMMYNET_GET : IP_FW_GET; |
| 614 |
int nalloc = unit; |
| 615 |
*nbytes = nalloc ; |
| 616 |
|
| 617 |
while (*nbytes >= nalloc) { |
| 618 |
nalloc = nalloc * 2 + 200; |
| 619 |
*nbytes = nalloc ; |
| 620 |
if ((*data = realloc(*data, *nbytes)) == NULL) |
| 621 |
err(EX_OSERR, "realloc"); |
| 622 |
if (getsockopt(s, IPPROTO_IP, ocmd, *data, nbytes) < 0) |
| 623 |
err(EX_OSERR, "getsockopt(IP_%s_GET)", |
| 624 |
do_pipe ? "DUMMYNET" : "FW"); |
| 625 |
} |
| 626 |
} |
| 627 |
|
| 628 |
static void |
| 605 |
list(ac, av) |
629 |
list(ac, av) |
| 606 |
int ac; |
630 |
int ac; |
| 607 |
char **av; |
631 |
char **av; |
| 608 |
{ |
632 |
{ |
| 609 |
struct ip_fw *rules; |
633 |
struct ip_fw *rules; |
| 610 |
struct dn_pipe *pipes; |
|
|
| 611 |
void *data = NULL; |
634 |
void *data = NULL; |
| 612 |
int pcwidth = 0; |
635 |
int pcwidth = 0; |
| 613 |
int bcwidth = 0; |
636 |
int bcwidth = 0; |
|
Lines 615-636
|
| 615 |
int nbytes; |
638 |
int nbytes; |
| 616 |
|
639 |
|
| 617 |
/* get rules or pipes from kernel, resizing array as necessary */ |
640 |
/* get rules or pipes from kernel, resizing array as necessary */ |
| 618 |
{ |
641 |
get_rules(&data, &nbytes); |
| 619 |
const int unit = do_pipe ? sizeof(*pipes) : sizeof(*rules); |
|
|
| 620 |
const int ocmd = do_pipe ? IP_DUMMYNET_GET : IP_FW_GET; |
| 621 |
int nalloc = unit; |
| 622 |
nbytes = nalloc ; |
| 623 |
|
| 624 |
while (nbytes >= nalloc) { |
| 625 |
nalloc = nalloc * 2 + 200; |
| 626 |
nbytes = nalloc ; |
| 627 |
if ((data = realloc(data, nbytes)) == NULL) |
| 628 |
err(EX_OSERR, "realloc"); |
| 629 |
if (getsockopt(s, IPPROTO_IP, ocmd, data, &nbytes) < 0) |
| 630 |
err(EX_OSERR, "getsockopt(IP_%s_GET)", |
| 631 |
do_pipe ? "DUMMYNET" : "FW"); |
| 632 |
} |
| 633 |
} |
| 634 |
|
642 |
|
| 635 |
/* display requested pipes */ |
643 |
/* display requested pipes */ |
| 636 |
if (do_pipe) { |
644 |
if (do_pipe) { |
|
Lines 857-862
|
| 857 |
" droptail\n" |
865 |
" droptail\n" |
| 858 |
); |
866 |
); |
| 859 |
|
867 |
|
|
|
868 |
restore_rules(); |
| 860 |
exit(EX_USAGE); |
869 |
exit(EX_USAGE); |
| 861 |
} |
870 |
} |
| 862 |
|
871 |
|
|
Lines 2069-2074
|
| 2069 |
} |
2078 |
} |
| 2070 |
} |
2079 |
} |
| 2071 |
|
2080 |
|
|
|
2081 |
static void |
| 2082 |
backup_rules() |
| 2083 |
{ |
| 2084 |
int nbytes, saved_do_pipe; |
| 2085 |
|
| 2086 |
if (!isatty(STDIN_FILENO)) |
| 2087 |
return; |
| 2088 |
saved_do_pipe = do_pipe; |
| 2089 |
do_pipe = 0; |
| 2090 |
get_rules(&rules_backup, &nbytes); |
| 2091 |
do_pipe = saved_do_pipe; |
| 2092 |
} |
| 2093 |
|
| 2094 |
static void |
| 2095 |
sighnd(signo) |
| 2096 |
int signo; |
| 2097 |
{ |
| 2098 |
} |
| 2099 |
|
| 2100 |
static void |
| 2101 |
restore_rules() |
| 2102 |
{ |
| 2103 |
struct ip_fw *rules; |
| 2104 |
int i, sz, c; |
| 2105 |
fd_set fdr; |
| 2106 |
struct timeval tv; |
| 2107 |
|
| 2108 |
if (rules_backup == NULL) |
| 2109 |
return; |
| 2110 |
|
| 2111 |
/* Ask the user */ |
| 2112 |
printf("Everything ok? [yn] "); |
| 2113 |
FD_ZERO(&fdr); |
| 2114 |
FD_SET(STDIN_FILENO, &fdr); |
| 2115 |
tv.tv_sec = 15; |
| 2116 |
tv.tv_usec = 0; |
| 2117 |
signal(SIGHUP, sighnd); |
| 2118 |
signal(SIGINT, sighnd); |
| 2119 |
signal(SIGTERM, sighnd); |
| 2120 |
if (select(STDIN_FILENO + 1, &fdr, NULL, NULL, &tv) < 0 |
| 2121 |
|| !FD_ISSET(STDIN_FILENO, &fdr)) { |
| 2122 |
printf("\n"); |
| 2123 |
goto restore; |
| 2124 |
} |
| 2125 |
|
| 2126 |
do { |
| 2127 |
fflush(stdout); |
| 2128 |
c = toupper(getc(stdin)); |
| 2129 |
while (c != '\n' && getc(stdin) != '\n') |
| 2130 |
if (feof(stdin)) |
| 2131 |
goto restore; |
| 2132 |
} while (c != 'Y' && c != 'N'); |
| 2133 |
|
| 2134 |
printf("\n"); |
| 2135 |
if (c == 'Y') { |
| 2136 |
free(rules_backup); |
| 2137 |
rules_backup = NULL; |
| 2138 |
return; |
| 2139 |
} |
| 2140 |
|
| 2141 |
restore: |
| 2142 |
if (setsockopt(s, IPPROTO_IP, IP_FW_FLUSH, NULL, 0) < 0) |
| 2143 |
err(EX_UNAVAILABLE, "setsockopt(IP_FW_FLUSH)"); |
| 2144 |
|
| 2145 |
rules = (struct ip_fw *)rules_backup; |
| 2146 |
for (i = 0; rules[i].fw_number < 65535; i++) { |
| 2147 |
sz = sizeof(*rules); |
| 2148 |
if (getsockopt(s, IPPROTO_IP, IP_FW_ADD, rules + i, &sz) < 0) |
| 2149 |
err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_ADD"); |
| 2150 |
} |
| 2151 |
printf("Restored previous ruleset.\n"); |
| 2152 |
free(rules_backup); |
| 2153 |
rules_backup = NULL; |
| 2154 |
} |
| 2155 |
|
| 2072 |
static int |
2156 |
static int |
| 2073 |
ipfw_main(ac,av) |
2157 |
ipfw_main(ac,av) |
| 2074 |
int ac; |
2158 |
int ac; |
|
Lines 2089-2095
|
| 2089 |
do_force = !isatty(STDIN_FILENO); |
2173 |
do_force = !isatty(STDIN_FILENO); |
| 2090 |
|
2174 |
|
| 2091 |
optind = optreset = 1; |
2175 |
optind = optreset = 1; |
| 2092 |
while ((ch = getopt(ac, av, "s:afqtvN")) != -1) |
2176 |
while ((ch = getopt(ac, av, "s:abfqtvN")) != -1) |
| 2093 |
switch(ch) { |
2177 |
switch(ch) { |
| 2094 |
case 's': /* sort */ |
2178 |
case 's': /* sort */ |
| 2095 |
do_sort= atoi(optarg); |
2179 |
do_sort= atoi(optarg); |
|
Lines 2097-2102
|
| 2097 |
case 'a': |
2181 |
case 'a': |
| 2098 |
do_acct=1; |
2182 |
do_acct=1; |
| 2099 |
break; |
2183 |
break; |
|
|
2184 |
case 'b': |
| 2185 |
backup_rules(); |
| 2186 |
break; |
| 2100 |
case 'f': |
2187 |
case 'f': |
| 2101 |
do_force=1; |
2188 |
do_force=1; |
| 2102 |
break; |
2189 |
break; |
|
Lines 2211-2216
|
| 2211 |
err(EX_UNAVAILABLE, "socket"); |
2298 |
err(EX_UNAVAILABLE, "socket"); |
| 2212 |
|
2299 |
|
| 2213 |
setbuf(stdout,0); |
2300 |
setbuf(stdout,0); |
|
|
2301 |
rules_backup = NULL; |
| 2214 |
|
2302 |
|
| 2215 |
/* |
2303 |
/* |
| 2216 |
* this is a nasty check on the last argument!!! |
2304 |
* this is a nasty check on the last argument!!! |
|
Lines 2222-2228
|
| 2222 |
qflag = pflag = i = 0; |
2310 |
qflag = pflag = i = 0; |
| 2223 |
lineno = 0; |
2311 |
lineno = 0; |
| 2224 |
|
2312 |
|
| 2225 |
while ((c = getopt(ac, av, "D:U:p:q")) != -1) |
2313 |
while ((c = getopt(ac, av, "D:U:bp:q")) != -1) |
| 2226 |
switch(c) { |
2314 |
switch(c) { |
| 2227 |
case 'D': |
2315 |
case 'D': |
| 2228 |
if (!pflag) |
2316 |
if (!pflag) |
|
Lines 2244-2249
|
| 2244 |
args[i++] = optarg; |
2332 |
args[i++] = optarg; |
| 2245 |
break; |
2333 |
break; |
| 2246 |
|
2334 |
|
|
|
2335 |
case 'b': |
| 2336 |
backup_rules(); |
| 2337 |
break; |
| 2338 |
|
| 2247 |
case 'p': |
2339 |
case 'p': |
| 2248 |
pflag = 1; |
2340 |
pflag = 1; |
| 2249 |
cmd = optarg; |
2341 |
cmd = optarg; |
|
Lines 2345-2349
|
| 2345 |
|
2437 |
|
| 2346 |
} else |
2438 |
} else |
| 2347 |
ipfw_main(ac,av); |
2439 |
ipfw_main(ac,av); |
|
|
2440 |
|
| 2441 |
restore_rules(); |
| 2348 |
return EX_OK; |
2442 |
return EX_OK; |
| 2349 |
} |
2443 |
} |
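Review bot: The replay loop in restore_rules() (new lines 2146-2150) walks `rules_backup` until it meets `fw_number` 65535 with no length bound, and backup_rules() discards the `nbytes` that get_rules() returned, so a buffer lacking that sentinel would be read past its end and the stray bytes handed to the kernel as rules. Keep the byte count next to the backup (for example a file-scope `static int rules_backup_len;` set in backup_rules(), name is a suggestion) and bound the loop with it: `for (i = 0; (i + 1) * (int)sizeof(*rules) <= rules_backup_len && rules[i].fw_number < 65535; i++)`. The restore path also flushes the whole ruleset before re-adding anything and calls err() on the first failed IP_FW_ADD, which leaves the host on the default rule plus a partial set; consider warning with the failing rule number and continuing with the remaining rules instead of exiting there. In get_rules() the `unit` ternary is inverted relative to the code it replaces in list(); it only sizes the first allocation, but it should read `do_pipe ? sizeof(struct dn_pipe) : sizeof(struct ip_fw)`.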