FreeBSD Bugzilla – Attachment 14940 Details for
Bug 27887
ipfw 'backup' option proposal
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 4.45 KB, created by
avn
on 2001-06-05 07:50:01 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
avn
Created:
2001-06-05 07:50:01 UTC
Size:
4.45 KB
patch
obsolete
>--- ipfw.c.orig Tue Feb 20 17:05:37 2001 >+++ ipfw.c Tue May 29 23:43:22 2001 >@@ -67,6 +67,7 @@ > do_pipe, /* this cmd refers to a pipe */ > do_sort, /* field to sort results (0=no) */ > verbose; >+void *rules_backup; /* ruleset backup, if not NULL */ > > struct icmpcode { > int code; >@@ -94,6 +95,8 @@ > }; > > static void show_usage(const char *fmt, ...); >+static void backup_rules(); >+static void restore_rules(); > > static int > mask_bits(struct in_addr m_ad) >@@ -602,12 +605,32 @@ > } > > static void >+get_rules(data, nbytes) >+ void **data; >+ int *nbytes; >+{ >+ const int unit = do_pipe ? sizeof(struct ip_fw) : sizeof(struct dn_pipe); >+ const int ocmd = do_pipe ? IP_DUMMYNET_GET : IP_FW_GET; >+ int nalloc = unit; >+ *nbytes = nalloc ; >+ >+ while (*nbytes >= nalloc) { >+ nalloc = nalloc * 2 + 200; >+ *nbytes = nalloc ; >+ if ((*data = realloc(*data, *nbytes)) == NULL) >+ err(EX_OSERR, "realloc"); >+ if (getsockopt(s, IPPROTO_IP, ocmd, *data, nbytes) < 0) >+ err(EX_OSERR, "getsockopt(IP_%s_GET)", >+ do_pipe ? "DUMMYNET" : "FW"); >+ } >+} >+ >+static void > list(ac, av) > int ac; > char **av; > { > struct ip_fw *rules; >- struct dn_pipe *pipes; > void *data = NULL; > int pcwidth = 0; > int bcwidth = 0; >@@ -615,22 +638,7 @@ > int nbytes; > > /* get rules or pipes from kernel, resizing array as necessary */ >- { >- const int unit = do_pipe ? sizeof(*pipes) : sizeof(*rules); >- const int ocmd = do_pipe ? IP_DUMMYNET_GET : IP_FW_GET; >- int nalloc = unit; >- nbytes = nalloc ; >- >- while (nbytes >= nalloc) { >- nalloc = nalloc * 2 + 200; >- nbytes = nalloc ; >- if ((data = realloc(data, nbytes)) == NULL) >- err(EX_OSERR, "realloc"); >- if (getsockopt(s, IPPROTO_IP, ocmd, data, &nbytes) < 0) >- err(EX_OSERR, "getsockopt(IP_%s_GET)", >- do_pipe ? "DUMMYNET" : "FW"); >- } >- } >+ get_rules(&data, &nbytes); > > /* display requested pipes */ > if (do_pipe) { >@@ -857,6 +865,7 @@ > " droptail\n" > ); > >+ restore_rules(); > exit(EX_USAGE); > } > >@@ -2069,6 +2078,81 @@ > } > } > >+static void >+backup_rules() >+{ >+ int nbytes, saved_do_pipe; >+ >+ if (!isatty(STDIN_FILENO)) >+ return; >+ saved_do_pipe = do_pipe; >+ do_pipe = 0; >+ get_rules(&rules_backup, &nbytes); >+ do_pipe = saved_do_pipe; >+} >+ >+static void >+sighnd(signo) >+ int signo; >+{ >+} >+ >+static void >+restore_rules() >+{ >+ struct ip_fw *rules; >+ int i, sz, c; >+ fd_set fdr; >+ struct timeval tv; >+ >+ if (rules_backup == NULL) >+ return; >+ >+ /* Ask the user */ >+ printf("Everything ok? [yn] "); >+ FD_ZERO(&fdr); >+ FD_SET(STDIN_FILENO, &fdr); >+ tv.tv_sec = 15; >+ tv.tv_usec = 0; >+ signal(SIGHUP, sighnd); >+ signal(SIGINT, sighnd); >+ signal(SIGTERM, sighnd); >+ if (select(STDIN_FILENO + 1, &fdr, NULL, NULL, &tv) < 0 >+ || !FD_ISSET(STDIN_FILENO, &fdr)) { >+ printf("\n"); >+ goto restore; >+ } >+ >+ do { >+ fflush(stdout); >+ c = toupper(getc(stdin)); >+ while (c != '\n' && getc(stdin) != '\n') >+ if (feof(stdin)) >+ goto restore; >+ } while (c != 'Y' && c != 'N'); >+ >+ printf("\n"); >+ if (c == 'Y') { >+ free(rules_backup); >+ rules_backup = NULL; >+ return; >+ } >+ >+restore: >+ if (setsockopt(s, IPPROTO_IP, IP_FW_FLUSH, NULL, 0) < 0) >+ err(EX_UNAVAILABLE, "setsockopt(IP_FW_FLUSH)"); >+ >+ rules = (struct ip_fw *)rules_backup; >+ for (i = 0; rules[i].fw_number < 65535; i++) { >+ sz = sizeof(*rules); >+ if (getsockopt(s, IPPROTO_IP, IP_FW_ADD, rules + i, &sz) < 0) >+ err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_ADD"); >+ } >+ printf("Restored previous ruleset.\n"); >+ free(rules_backup); >+ rules_backup = NULL; >+} >+ > static int > ipfw_main(ac,av) > int ac; >@@ -2089,7 +2173,7 @@ > do_force = !isatty(STDIN_FILENO); > > optind = optreset = 1; >- while ((ch = getopt(ac, av, "s:afqtvN")) != -1) >+ while ((ch = getopt(ac, av, "s:abfqtvN")) != -1) > switch(ch) { > case 's': /* sort */ > do_sort= atoi(optarg); >@@ -2097,6 +2181,9 @@ > case 'a': > do_acct=1; > break; >+ case 'b': >+ backup_rules(); >+ break; > case 'f': > do_force=1; > break; >@@ -2211,6 +2298,7 @@ > err(EX_UNAVAILABLE, "socket"); > > setbuf(stdout,0); >+ rules_backup = NULL; > > /* > * this is a nasty check on the last argument!!! >@@ -2222,7 +2310,7 @@ > qflag = pflag = i = 0; > lineno = 0; > >- while ((c = getopt(ac, av, "D:U:p:q")) != -1) >+ while ((c = getopt(ac, av, "D:U:bp:q")) != -1) > switch(c) { > case 'D': > if (!pflag) >@@ -2244,6 +2332,10 @@ > args[i++] = optarg; > break; > >+ case 'b': >+ backup_rules(); >+ break; >+ > case 'p': > pflag = 1; > cmd = optarg; >@@ -2345,5 +2437,7 @@ > > } else > ipfw_main(ac,av); >+ >+ restore_rules(); > return EX_OK; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14940">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 27887
: 14940