From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Subject: [PATCH] misc-progs: getipstat: Extend functionality
Date: Fri, 23 Apr 2021 18:22:50 +0200
Message-ID: <20210423162249.18323-1-robin.roevens@disroot.org>
* bugfix: Make sure output files are removed beforehand
to prevent permission errors writing to them.
* Add optional parameter "-x" to have iptables report exact numbers
* Add optional parameter "-f <output_filename>" to save iptables
filters table output to an alternate filename
* Add optional parameter "-n <output_filename>" to save iptables
nat table output to an alternate filename
* Add optional parameter "-m <output_filename>" to save iptables
mangle table output to an alternate filename
Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
---
src/misc-progs/getipstat.c | 74 +++++++++++++++++++++++++++++++++++---
1 file changed, 69 insertions(+), 5 deletions(-)
diff --git a/src/misc-progs/getipstat.c b/src/misc-progs/getipstat.c
index c806d54a9..57ad81d46 100644
--- a/src/misc-progs/getipstat.c
+++ b/src/misc-progs/getipstat.c
@@ -2,6 +2,15 @@
*
* Get the list from IPTABLES -L
*
+ * Optional commandline parameters:
+ * -x
+ * instruct iptables to expand numbers
+ * -f <filter_rules_output_filename>
+ * output filter table to alternative filename in /var/tmp/
+ * -n <nat_rules_output_filename>
+ * output nat table to alternative filename in /var/tmp/
+ * -m <mangle_rules_output_filename>
+ * output mangle table to alternative filename in /var/tmp/
*/
#include <stdio.h>
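Review bot: The new usage comment says -f, -n and -m write to an "alternative filename in /var/tmp/" but does not say what counts as a valid filename. Because the value is later joined onto "/var/tmp/%s" in a program that calls initsetuid(), the comment should state that only a bare file name is accepted (no "/" or ".." components, and which characters are allowed), and the code should enforce the same rule. It would also help to say that -x is passed through as iptables' own -x option, since -n here means something different from the -n that is always passed to iptables in params.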
@@ -12,16 +21,71 @@
#include <fcntl.h>
#include "setuid.h"
+int cmdOutputToFile(char *cmd, char *filename) {
+ FILE *file;
+ char command[STRING_SIZE];
-int main(void)
+ // remove file if it already exist to prevent permission denied errors
+ // if we have no explicit write permission on it.
+ if ((file = fopen(filename, "r"))) {
+ fclose(file);
+ if (remove(filename) != 0) {
+ fprintf(stderr, "\n%s could not be overwritten.\n", filename);
+ return 1;
+ }
+ }
+
+ // Execute command and redirect output to file
+ snprintf(command, STRING_SIZE - 1, "%s > %s", cmd, filename);
+ return safe_system(command);
+}
+
+int main(int argc, char** argv)
{
+ // Set defaults
+ char params[STRING_SIZE] = "-L -v -n";
+ char out_file_filter[STRING_SIZE] = "/var/tmp/iptables.txt";
+ char out_file_nat[STRING_SIZE] = "/var/tmp/iptablesnat.txt";
+ char out_file_mangle[STRING_SIZE] = "/var/tmp/iptablesmangle.txt";
+
+ int opt;
+ char command[STRING_SIZE];
+
if (!(initsetuid()))
exit(1);
- safe_system("/sbin/iptables -L -v -n > /var/tmp/iptables.txt");
- safe_system("/sbin/iptables -L -v -n -t nat > /var/tmp/iptablesnat.txt");
- safe_system("/sbin/iptables -t mangle -L -v -n > /var/tmp/iptablesmangle.txt");
- safe_system("chown nobody.nobody /var/tmp/iptables.txt /var/tmp/iptablesnat.txt /var/tmp/iptablesmangle.txt");
+ // Parse command line params
+ if (argc > 1) {
+ while ((opt = getopt(argc, argv, "xf:n:m:")) != -1) {
+ switch(opt) {
+ case 'x':
+ strcat(params, " -x");
+ break;
+ case 'f':
+ snprintf(out_file_filter, STRING_SIZE - 1, "/var/tmp/%s", optarg);
+ break;
+ case 'n':
+ snprintf(out_file_nat, STRING_SIZE - 1, "/var/tmp/%s", optarg);
+ break;
+ case 'm':
+ snprintf(out_file_mangle, STRING_SIZE - 1, "/var/tmp/%s", optarg);
+ break;
+ default:
+ fprintf(stderr, "\nBad argument given.\n\ngetipstat [-x][-f <filter_rules_output_filename>][-n <nat_rules_output_filename>][-m <mangle_rules_output_filename>]\n");
+ exit(1);
+ }
+ }
+ }
+
+ // Generate ipstat files
+ snprintf(command, STRING_SIZE - 1, "/sbin/iptables %s", params);
+ cmdOutputToFile(command, out_file_filter);
+ snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat %s", params);
+ cmdOutputToFile(command, out_file_nat);
+ snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle %s", params);
+ cmdOutputToFile(command, out_file_mangle);
+ snprintf(command, STRING_SIZE - 1, "chown nobody.nobody %s %s %s", out_file_filter, out_file_nat, out_file_mangle);
+ safe_system(command);
return 0;
}
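Review bot: optarg is copied unchecked into the output path in the 'f', 'n' and 'm' cases, and from there into a shell command line in cmdOutputToFile() ("%s > %s") and in the final chown, all after initsetuid(). A value containing "../" leaves /var/tmp, so the remove(), the redirect and the chown nobody.nobody can land on any path the process can reach, and a value containing spaces or shell metacharacters changes the command that safe_system() runs. Reject any optarg that is not a plain file name (for example only letters, digits, ".", "-" and "_", with no leading dot) before building the paths, and fall through to the usage message otherwise. Smaller points in the same hunk: snprintf() already accounts for the terminating NUL, so STRING_SIZE - 1 is unnecessary, but its return value should be checked for truncation; strcat(params, " -x") runs once per -x on the command line with no bounds check; and the return values of cmdOutputToFile() are ignored, so main() returns 0 even when a file could not be replaced.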
--
2.31.1