From patchwork Fri Apr 23 16:22:50 2021
X-Patchwork-Submitter: Robin Roevens
X-Patchwork-Id: 4211
From: Robin Roevens
To: development@lists.ipfire.org
Subject: [PATCH] misc-progs: getipstat: Extend functionality
Date: Fri, 23 Apr 2021 18:22:50 +0200
Message-Id: <20210423162249.18323-1-robin.roevens@disroot.org>

* bugfix: Make sure outputfiles are removed beforehand to prevent
  permission errors writing to them.
* Add optional parameter "-x" to have iptables report exact numbers
* Add optional parameter "-f " to save iptables filters table output to
  an alternate filename
* Add optional parameter "-n " to save iptables nat table output to an
  alternate filename
* Add optional parameter "-m " to save iptables mangle table output to
  an alternate filename

Signed-off-by: Robin Roevens
---
 src/misc-progs/getipstat.c | 74 +++++++++++++++++++++++++++++++++++---
 1 file changed, 69 insertions(+), 5 deletions(-)
diff --git a/src/misc-progs/getipstat.c b/src/misc-progs/getipstat.c index c806d54a9..57ad81d46 100644 --- a/src/misc-progs/getipstat.c +++ b/src/misc-progs/getipstat.c @@ -2,6 +2,15 @@ * * Get the list from IPTABLES -L * + * Optional commandline parameters: + * -x + * instruct iptables to expand numbers + * -f + * output filter table to alternative filename in /var/tmp/ + * -n + * output nat table to alternative filename in /var/tmp/ + * -m + * output mangle table to alternative filename in /var/tmp/ */ #include 
@@ -12,16 +21,71 @@ #include #include "setuid.h" +int cmdOutputToFile(char *cmd, char *filename) { + FILE *file; + char command[STRING_SIZE]; -int main(void) + // remove file if it already exist to prevent permission denied errors + // if we have no explicit write permission on it. + if ((file = fopen(filename, "r"))) { + fclose(file); + if (remove(filename) != 0) { + fprintf(stderr, "\n%s could not be overwritten.\n", filename); + return 1; + } + } + + // Execute command and redirect output to file + snprintf(command, STRING_SIZE - 1, "%s > %s", cmd, filename); + return safe_system(command); +} + +int main(int argc, char** argv) { + // Set defaults + char params[STRING_SIZE] = "-L -v -n"; + char out_file_filter[STRING_SIZE] = "/var/tmp/iptables.txt"; + char out_file_nat[STRING_SIZE] = "/var/tmp/iptablesnat.txt"; + char out_file_mangle[STRING_SIZE] = "/var/tmp/iptablesmangle.txt"; + + int opt; + char command[STRING_SIZE]; + if (!(initsetuid())) exit(1); - safe_system("/sbin/iptables -L -v -n > /var/tmp/iptables.txt"); - safe_system("/sbin/iptables -L -v -n -t nat > /var/tmp/iptablesnat.txt"); - safe_system("/sbin/iptables -t mangle -L -v -n > /var/tmp/iptablesmangle.txt"); - safe_system("chown nobody.nobody /var/tmp/iptables.txt /var/tmp/iptablesnat.txt /var/tmp/iptablesmangle.txt"); + // Parse command line params + if (argc > 1) { + while ((opt = getopt(argc, argv, "xf:n:m:")) != -1) { + switch(opt) { + case 'x': + strcat(params, " -x"); + break; + case 'f': + snprintf(out_file_filter, STRING_SIZE - 1, "/var/tmp/%s", optarg); + break; + case 'n': + snprintf(out_file_nat, STRING_SIZE - 1, "/var/tmp/%s", optarg); + break; + case 'm': + snprintf(out_file_mangle, STRING_SIZE - 1, "/var/tmp/%s", optarg); + break; + default: + fprintf(stderr, "\nBad argument given.\n\ngetipstat [-x][-f ][-n ][-m ]\n"); + exit(1); + } + } + } + + // Generate ipstat files + snprintf(command, STRING_SIZE - 1, "/sbin/iptables %s", params); + cmdOutputToFile(command, out_file_filter); + 
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat %s", params); + cmdOutputToFile(command, out_file_nat); + snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle %s", params); + cmdOutputToFile(command, out_file_mangle); + snprintf(command, STRING_SIZE - 1, "chown nobody.nobody %s %s %s", out_file_filter, out_file_nat, out_file_mangle); + safe_system(command); return 0; }
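Review bot: The option descriptions added to the header comment in the first hunk (-f, -n, -m: "alternative filename in /var/tmp/") do not say what a valid name is. Since this helper runs after initsetuid(), the comment should state that the argument is a bare file name with no path separators, and that the resulting files are handed to nobody by the final chown, so callers know what they may pass and what they get back.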
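Review bot: In the second hunk, the getopt() cases 'f', 'n' and 'm' copy optarg unchecked into "/var/tmp/%s", and that string is then pasted into the command built in cmdOutputToFile() ("%s > %s") and into the final "chown nobody.nobody %s %s %s", all after initsetuid(). Because the command relies on ">" redirection it is interpreted by a shell, so a name containing "/" or ".." leaves /var/tmp and any shell-significant character changes what safe_system() runs; the caller ends up choosing which file is removed, overwritten and chowned. Please validate optarg before use (accept only something like [A-Za-z0-9._-], reject a leading "." and treat snprintf() truncation as an error) and exit with the usage message otherwise. Related points in the same hunk: the fopen()/remove()/redirect sequence in cmdOutputToFile() is a check-then-use race on a path in /var/tmp and follows symlinks, so creating the file with open() using O_CREAT|O_EXCL|O_NOFOLLOW and calling fchown() on that descriptor would be safer than removing and chowning by name; in case 'x', strcat(params, " -x") appends once per occurrence with no bound on params, so set a flag and append once; and the return value of cmdOutputToFile() is dropped, so main() returns 0 even when "could not be overwritten" was printed.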