author | alex <alex@FreeBSD.org> | 1996-10-17 01:05:03 +0000 |
---|---|---|
committer | alex <alex@FreeBSD.org> | 1996-10-17 01:05:03 +0000 |
commit | 9b6c3e888dab05dfe60b3ee68b90e7b90b64b68e (patch) | |
tree | 7c285bdbe0964f782a50cdba0e2116e731c8940d /sbin/ipfw | |
parent | 283f514ba05e8e99c8f6d82d0d3a4b67078bfbb6 (diff) | |
Issue a warning if the user specifies an invalid interface in a rule.
The rule is still added to the chain since the interface may get
created later on after loading an LKM.
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/sbin/ipfw/ipfw.c b/sbin/ipfw/ipfw.c
index 4114111..b97d38f 100644
--- a/sbin/ipfw/ipfw.c
+++ b/sbin/ipfw/ipfw.c
@@ -16,7 +16,7 @@
 *
 * NEW command line interface for IP firewall facility
 *
- * $Id: ipfw.c,v 1.32 1996/08/13 19:43:24 pst Exp $
+ * $Id: ipfw.c,v 1.33 1996/08/31 17:58:23 nate Exp $
 *
 */
@@ -31,6 +31,8 @@
 #include <time.h>
 #include <sys/queue.h>
 #include <sys/socket.h>
+#include <sys/sockio.h>
+#include <net/if.h>
 #include <netinet/in.h>
 #include <netinet/ip_fw.h>
 #include <netinet/tcp.h>
@@ -594,6 +596,26 @@ delete(ac,av)
 err(1,"setsockopt(IP_FW_DEL)");
 }
+int
+verify_interface(rule)
+ struct ip_fw *rule;
+{
+ struct ifreq ifr;
+
+ /*
+ * If a unit was specified, check for that exact interface.
+ * If a wildcard was specified, check for unit 0.
+ */
+ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d",
+ rule->fw_via_name,
+ rule->fw_flg & IP_FW_F_IFUWILD ? 0 : rule->fw_via_unit);
+
+ if (ioctl(s, SIOCGIFFLAGS, &ifr) < 0)
+ return(-1); /* interface isn't recognized by the kernel */
+
+ return(0); /* interface exists */
+}
+
 void
 add(ac,av)
 int ac;
@@ -706,6 +728,8 @@ add(ac,av)
 rule.fw_via_unit = atoi(q);
 *q = '\0';
 rule.fw_flg |= IP_FW_F_IFNAME;
+ if (verify_interface(&rule) != 0)
+ fprintf(stderr, "Warning: interface does not exist\n");
 } else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) {
 show_usage("bad IP# after via\n");
 } |
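Review bot: In `verify_interface` the return value of `snprintf` into `ifr.ifr_name` is not checked, so a name plus unit that does not fit is silently truncated and the ioctl then probes a different interface name than the one in the rule. Capturing the length and bailing out on overflow would close that, e.g. `n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(ifr.ifr_name)) return(-1);`. Every `SIOCGIFFLAGS` failure is also reported as "not recognized", although `errno` could separate a missing interface from a bad socket; `s` is declared outside this hunk, so its state here cannot be confirmed. In the wildcard branch only unit 0 is probed, so a rule such as `ed*` would presumably warn when `ed1` exists but `ed0` does not, which the comment could state as a known limitation.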
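Review bot: The warning added in `add()` does not say which interface failed the check, and the rule is installed anyway, so a mistyped interface name leaves a filter rule that matches no traffic behind a generic one-line message. Naming the interface and the consequence would make that visible to the operator, for example `warnx("interface %s%d not found; rule will not match until it exists", rule.fw_via_name, rule.fw_via_unit);`, with the unit left out in the wildcard case. `warnx` would also match the `err()` style used elsewhere in the file, assuming `<err.h>` is already included. The body of `add()` starts and ends outside this hunk, so how `fw_via_name` is filled in before the call is not visible here.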