nonprivileged access to ipfw

From: Andrey V. Elsukov (bu7cher_at_yandex.ru)
Date: 09/28/05

    Date: Wed, 28 Sep 2005 11:04:11 +0400
    To: ipfw@freebsd.org, hackers@freebsd.org
    
    

    Hi All!

    I want nonprivileged access to ipfw (without sudo, suid, etc.).
    But RAW sockets restrict this. I have one idea: a pseudo device
    /dev/ipfw. I think that the realisation of this feature is not
    a difficult task. Now I have some questions.
    1. Am I thinking correctly about the following?
    * adding cdevsw declaration with ipfw_ioctl implementation;
    * adding make_dev into ipfw initialization function (on MOD_LOAD event);
    * adding destroy_dev (on MOD_UNLOAD);
    * adding the needed functionality into /sbin/ipfw.

    2. About the ipfw_ioctl implementation:
    I can pack the ioctl params into a sockopt structure and directly call
    the ipfw_ctl function. Is that OK?

    3. About ioctl requests: what symbol should I place into the definition of
    an ioctl request? What does it depend on? For example:
    #define DIOCCLRSTATES _IOWR('D', 18, struct pfioc_state_kill)
    >>---------------------------^

    4. Can I define only two ioctl requests, for example:
    #define IPFWIOCSCMD _IOW('x', 0, struct sockopt_like_struct)
    #define IPFWIOCGCMD _IOR('x', 1, struct sockopt_like_struct)

    and pass the IP_FW_XXX sockoptions in a sockopt_like_struct member,
    or should I define two definitions (set/get) for each IP_FW_XXX option?

    Thanks and sorry for my English :(

    -- 
    WBR, Andrey V. Elsukov
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
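
An added example, not part of the original post and not FreeBSD code: a user-space C model of the checks a multiplexed IPFWIOCSCMD/IPFWIOCGCMD handler would need once /dev/ipfw can be opened by nonprivileged users. The struct layout, the MODEL_* constants and ipfw_ioctl_check are hypothetical; the FB_ macros mirror FreeBSD's request encoding and the IP_FW_* numbers are assumed from its headers.

```c
#include <errno.h>
#include <stddef.h>

/* Request encoding modelled on FreeBSD's <sys/ioccom.h>, redefined with an
 * FB_ prefix so the sketch builds in user space on any platform. */
#define FB_IOCPARM_MASK 0x1fffUL            /* 13 bits of parameter length */
#define FB_IOC_OUT      0x40000000UL        /* kernel copies data out */
#define FB_IOC_IN       0x80000000UL        /* kernel copies data in */
#define FB_IOC(dir, g, n, len) \
    ((dir) | (((len) & FB_IOCPARM_MASK) << 16) | ((unsigned long)(g) << 8) | (n))
#define FB_IOW(g, n, t) FB_IOC(FB_IOC_IN,  g, n, sizeof(t))
#define FB_IOR(g, n, t) FB_IOC(FB_IOC_OUT, g, n, sizeof(t))
#define FB_IOCGROUP(x)  (((x) >> 8) & 0xff) /* the letter asked about in question 3 */

/* Hypothetical layout for the message's sockopt_like_struct. */
struct sockopt_like_struct { int name; void *val; size_t valsize; };

#define IPFWIOCSCMD FB_IOW('x', 0, struct sockopt_like_struct)
#define IPFWIOCGCMD FB_IOR('x', 1, struct sockopt_like_struct)

/* Option numbers assumed from FreeBSD's <netinet/in.h>. */
enum { IP_FW_ADD = 50, IP_FW_DEL = 51, IP_FW_FLUSH = 52, IP_FW_ZERO = 53, IP_FW_GET = 54 };

#define MODEL_FREAD   0x1   /* stand-ins for the open-mode flags a */
#define MODEL_FWRITE  0x2   /* d_ioctl handler receives */
#define MODEL_MAXVAL  65536 /* constructed upper bound on valsize */

/* Returns 0 if the request may be handed to the firewall control code,
 * otherwise the errno a handler would return. */
int ipfw_ioctl_check(unsigned long cmd, const struct sockopt_like_struct *s, int fflag)
{
    if (cmd != IPFWIOCSCMD && cmd != IPFWIOCGCMD)
        return ENOTTY;                         /* unknown request */
    if (s->valsize > MODEL_MAXVAL || (s->valsize != 0 && s->val == NULL))
        return EINVAL;                         /* bound length before any copy */
    switch (s->name) {
    case IP_FW_GET:                            /* read-only option */
        return (cmd == IPFWIOCGCMD && (fflag & MODEL_FREAD)) ? 0 : EPERM;
    case IP_FW_ADD: case IP_FW_DEL: case IP_FW_FLUSH: case IP_FW_ZERO:
        /* state-changing: only via the set request on a writable descriptor */
        return (cmd == IPFWIOCSCMD && (fflag & MODEL_FWRITE)) ? 0 : EPERM;
    default:
        return EINVAL;                         /* option not on the allowlist */
    }
}
```

With only two request codes the option number travels inside the structure, so the split between reading and changing rules has to be enforced by a per-option check like this one rather than by the request code alone.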
    
