firewall.py: don't die if a given sysctl doesn't exist.

Instead, get a list of known sysctls in the interesting prefix (net.inet.ip) and check if there's an entry in the list for each sysctl we want to change. If there isn't, then don't try to change it. This fixes a problem with FreeBSD, which doesn't have net.inet.ip.scopedroute but also doesn't need it. Probably also fixes MacOS 10.5, which probably didn't have that either, but I don't know for sure. Reported by Ed Maste.
ipfw: use 'delete' instead of 'del' to avoid a warning on freebsd.
2025-07-06 17:50:35 +02:00 · 2010-10-16 20:11:30 -06:00 · 2010-10-05 13:29:12 -04:00 · 2010-10-04 02:47:43 -07:00
2 changed files with 33 additions and 14 deletions
--- a/firewall.py
+++ b/firewall.py
@ -81,17 +81,19 @@ def ipfw_rule_exists(n):
    return found


-def sysctl_get(name):
-    argv = ['sysctl', '-n', name]
+_oldctls = {}
+def _fill_oldctls(prefix):
+    argv = ['sysctl', prefix]
    p = ssubprocess.Popen(argv, stdout = ssubprocess.PIPE)
-    line = p.stdout.readline()
+    for line in p.stdout:
+        assert(line[-1] == '\n')
+        (k,v) = line[:-1].split(': ', 1)
+        _oldctls[k] = v
    rv = p.wait()
    if rv:
        raise Fatal('%r returned %d' % (argv, rv))
    if not line:
        raise Fatal('%r returned no data' % (argv,))
-    assert(line[-1] == '\n')
-    return line[:-1]


 def _sysctl_set(name, val):
@ -100,11 +102,19 @@ def _sysctl_set(name, val):
    rv = ssubprocess.call(argv, stdout = open('/dev/null', 'w'))


-_oldctls = []
+_changedctls = []
 def sysctl_set(name, val):
-    oldval = sysctl_get(name)
-    if str(val) != str(oldval):
-        _oldctls.append((name, oldval))
+    PREFIX = 'net.inet.ip'
+    assert(name.startswith(PREFIX + '.'))
+    val = str(val)
+    if not _oldctls:
+        _fill_oldctls(PREFIX)
+    if not (name in _oldctls):
+        debug1('>> No such sysctl: %r\n' % name)
+        return
+    oldval = _oldctls[name]
+    if val != oldval:
+        _changedctls.append(name)
        return _sysctl_set(name, val)
    

@ -122,10 +132,11 @@ def do_ipfw(port, subnets):

    # cleanup any existing rules
    if ipfw_rule_exists(port):
-        ipfw('del', sport)
+        ipfw('delete', sport)

-    while _oldctls:
-        (name,oldval) = _oldctls.pop()
+    while _changedctls:
+        name = _changedctls.pop()
+        oldval = _oldctls[name]
        _sysctl_set(name, oldval)

    if subnets:
--- a/server.py
+++ b/server.py
@ -133,12 +133,20 @@ def main():
    mux.send(0, ssnet.CMD_ROUTES, routepkt)

    hw = Hostwatch()
-
+    hw.leftover = ''
+        
    def hostwatch_ready():
        assert(hw.pid)
        content = hw.sock.recv(4096)
        if content:
-            mux.send(0, ssnet.CMD_HOST_LIST, content)
+            lines = (hw.leftover + content).split('\n')
+            if lines[-1]:
+                # no terminating newline: entry isn't complete yet!
+                hw.leftover = lines.pop()
+                lines.append('')
+            else:
+                hw.leftover = ''
+            mux.send(0, ssnet.CMD_HOST_LIST, '\n'.join(lines))
        else:
            raise Fatal('hostwatch process died')