Created
February 20, 2012 19:39
Fixes the ipfw DummyNet rules created by Network Link Conditioner when using Internet Sharing in Mac OS X Lion
#!/bin/bash

# Interface names; both stay empty until populateInterfaceNames fills them in.
LAN_INTERFACE=""
BRIDGE_INTERFACE=""

# File name this script was started as; shown in the usage text.
SCRIPT_NAME="$(basename "${0}")"

# Seconds to wait between two passes in polling mode (-p).
POLL_SLEEP_SECONDS="5"
# Prints the `ps -ef` lines that match the given pattern, leaving out the
# grep processes started by this function itself.
# Arguments: $1 - pattern handed to grep; it may match anywhere in a ps line
# Outputs:   the matching ps lines on stdout
# Returns:   exit status of the final grep (non-zero when no line is left)
# NOTE(review): the match runs over the whole ps line of every user's
# processes, so an unrelated process whose command line merely contains the
# pattern is returned as well. Callers should not treat the result as proof
# that the named daemon is the one running.
getProcessInfo() {
  local pattern="${1}"
  local own_grep="grep ${pattern}"
  ps -ef | grep "${pattern}" | grep -v "${own_grep}"
}
# Prints three IP-stack sysctl settings, one sysctl call per key.
# The original listing annotates the keys with 0, 1 and 1 in this order,
# presumably the values the author expects to see.
# Returns: exit status of the last sysctl call
verifyIpfw() {
  local key
  for key in \
    net.inet.ip.scopedroute \
    net.inet.ip.forwarding \
    net.inet.ip.fw.enable; do
    sysctl -a "${key}"
  done
}
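# Reads two interface names from the command line of the running natpmpd
# process and stores them in LAN_INTERFACE and BRIDGE_INTERFACE.
#
# LAN_INTERFACE is the token that follows natpmpd's -x or -y option;
# BRIDGE_INTERFACE is the last token of that command line.
#
# Globals:   LAN_INTERFACE, BRIDGE_INTERFACE (written)
# Outputs:   an error message on stdout when discovery fails
# Returns:   0 on success; exits the script with status 2 on failure
#
# The names are parsed out of `ps` output and later handed to ipfw by a script
# that runs as root. For that reason only the first matching line is used, a
# natpmpd line without -x/-y is ignored rather than passed through, and both
# values must look like interface names before they are accepted.
populateInterfaceNames() {
  local natpmpd_info
  natpmpd_info=$( getProcessInfo natpmpd )
  [[ "${natpmpd_info}" != '' ]] || {
    cat <<ERROR
ERROR: Could not find natpmpd. This script is only appropriate for Mac OS X \
Lion with Internet Sharing is enabled.
ERROR
    exit 2
  }

  # With -n and the p flag sed prints a line only when the substitution
  # matched. Without them a line lacking -x/-y is printed unchanged and its
  # first two ps columns would be taken for interface names.
  local -r extract='s/.*-[xy][[:space:]]*\([^[:space:]]*\).*[[:space:]]\([^[:space:]]*\)$/\1 \2/p'
  local candidates lan bridge extra
  candidates=$( printf '%s\n' "${natpmpd_info}" | sed -n "${extract}" )

  # read consumes the first line only, so several matching processes cannot
  # turn the interface names into multi-line values.
  read -r lan bridge extra <<< "${candidates}"

  # Empty values fail this check too, so it replaces the plain emptiness test.
  local -r iface_re='^[[:alpha:]][[:alnum:]_.]*$'
  [[ "${lan}" =~ ${iface_re} && "${bridge}" =~ ${iface_re} ]] || {
    cat <<ERROR
ERROR: Could not determine the bridged interfaces from the command parameters \
for natpmpd. This script is only appropriate on Mac OS X Lion when Internet \
Sharing is enabled.
ERROR
    exit 2
  }

  LAN_INTERFACE="${lan}"
  BRIDGE_INTERFACE="${bridge}"
}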
# Setup step run before any rule is rewritten; at present it only discovers
# the interface names.
prepareScript() { populateInterfaceNames; }
# Runs a single pass of the rule fix and says so when the pass did not succeed.
# Outputs: a notice on stdout when executeFixIpfwRules returns non-zero
# Returns: 0 when executeFixIpfwRules returned 0, otherwise 1
executeFix() {
  if ! executeFixIpfwRules; then
    echo "No ipfw rules found for Network Link Conditioner that need to be fixed."
    return 1
  fi
  return 0
}
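# Replaces every rule in a newline-separated list with a copy that names the
# transmit and receive interfaces.
# Arguments: $1 - label used in progress messages ("input" or "output")
#            $2 - ipfw direction keyword appended to the new rule (in / out)
#            $3 - interface for the xmit clause
#            $4 - interface for the recv clause
#            $5 - rule lines as printed by `ipfw list`
# Outputs:   progress on stdout, failures on stderr
# Returns:   0 when every rule was replaced, 1 when a delete or add failed
_rewritePipeRules() {
  local -r label="${1}" direction="${2}" xmit_if="${3}" recv_if="${4}"
  local -r number_re='^[0-9]+$'
  local line rule_num pipe_keyword pipe_num rest
  local status=0

  while read -r line; do
    # Field 1 is the rule number and field 3 the pipe number.
    read -r rule_num pipe_keyword pipe_num rest <<< "${line}"
    # Both are passed to ipfw as root, so anything that is not a plain number
    # (including the empty line of an empty list) is skipped.
    [[ "${rule_num}" =~ ${number_re} && "${pipe_num}" =~ ${number_re} ]] || continue

    echo "Line: '${line}'"
    echo "Processing ${label} rule ${rule_num} for pipe ${pipe_num}"

    # ipfw allows several rules with one number. Adding after a failed delete
    # would leave the old rule in place and stack one more copy on every
    # polling pass, so the add is skipped in that case.
    # stdin is detached so ipfw cannot consume the remaining rule lines.
    if ! ipfw delete "${rule_num}" < /dev/null; then
      echo "ERROR: Could not delete ipfw rule ${rule_num}; rule left unchanged." >&2
      status=1
      continue
    fi
    if ! ipfw add "${rule_num}" pipe "${pipe_num}" ip from any to any \
      xmit "${xmit_if}" recv "${recv_if}" "${direction}" < /dev/null; then
      echo "ERROR: Rule ${rule_num} was deleted but its replacement could not be added." >&2
      status=1
    fi
  done <<< "${5}"

  return "${status}"
}

# Finds the "pipe N ip from any to any in|out" rules in the ipfw rule list and
# replaces each with a rule of the same number and pipe that carries explicit
# xmit/recv interfaces.
# Globals:   LAN_INTERFACE, BRIDGE_INTERFACE (read)
# Outputs:   progress on stdout; the ipfw-unavailable message on stdout
# Returns:   0 when matching rules were found and all were replaced,
#            1 when no matching rule exists or a replacement failed;
#            exits the script with status 2 when `ipfw list` prints nothing or
#            the interface names are not set
executeFixIpfwRules() {
  local ipfw_rules
  # stderr is discarded on purpose: a failing ipfw is reported below.
  ipfw_rules=$( ipfw list 2> /dev/null )
  [[ "${ipfw_rules}" != '' ]] || {
    cat <<ERROR
ERROR: Could not inspect the state of ipfw. ipfw is either not running, \
not installed, or could not be found in the PATH for this user. Or, perhaps \
this script was not invoked by an account with root privileges.
ERROR
    exit 2
  }

  local rules_in rules_out
  rules_in=$( grep "pipe [0-9]* ip from any to any in" <<< "${ipfw_rules}" )
  rules_out=$( grep "pipe [0-9]* ip from any to any out" <<< "${ipfw_rules}" )
  [[ "${rules_in}" != '' || "${rules_out}" != '' ]] || return 1

  # Rules are deleted before their replacement is added. Without both
  # interface names the replacement cannot be built, so stop before deleting.
  [[ "${LAN_INTERFACE}" != '' && "${BRIDGE_INTERFACE}" != '' ]] || {
    echo "ERROR: LAN_INTERFACE and BRIDGE_INTERFACE must be set before ipfw rules are rewritten." >&2
    exit 2
  }

  local status=0
  _rewritePipeRules input in \
    "${BRIDGE_INTERFACE}" "${LAN_INTERFACE}" "${rules_in}" || status=1
  _rewritePipeRules output out \
    "${LAN_INTERFACE}" "${BRIDGE_INTERFACE}" "${rules_out}" || status=1
  return "${status}"
}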
# Announces polling mode, then runs executeFixIpfwRules forever with a pause
# of POLL_SLEEP_SECONDS between passes. The loop has no exit of its own; it
# ends only when the script is terminated or a called function exits.
# Globals: POLL_SLEEP_SECONDS (read)
# Outputs: the announcement on stdout, followed by the output of every pass
executePollingMode() {
  # Singular "second" only for exactly 1.
  local unit='second'
  if [[ ${POLL_SLEEP_SECONDS} -ne 1 ]]; then
    unit="${unit}s"
  fi

  echo "Polling every ${POLL_SLEEP_SECONDS} ${unit} for changes to Network Link Conditioner firewall rules..."

  while :; do
    executeFixIpfwRules
    sleep "${POLL_SLEEP_SECONDS}"
  done
}
# Prints the usage text, with the script name taken from SCRIPT_NAME.
# Globals: SCRIPT_NAME (read)
# Outputs: usage text on stdout
showUsage() {
  printf '%s\n' \
    "USAGE: ${SCRIPT_NAME} [-p]" \
    "Fixes Network Link Conditioner firewall settings when Internet Sharing is enabled in Mac OS X Lion." \
    "This script must be executed with root privileges every time a new profile is selected within Network Link Conditioner. Alternatively, this script can be launched in polling mode, in which Network Link Conditioner changes are detected automatically." \
    "-p runs this script continually in polling mode, to automatically detect changes in Network Link Conditioner." \
    "Compatible with Mac OS X Lion only."
}
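# Dispatches on the first command-line parameter, compared case-insensitively.
#   -p              discover the interfaces, then poll forever
#   help variants   print the usage text and exit with status 1
#   (no parameter)  discover the interfaces and run one fix pass
#   anything else   report the parameter, print the usage text, exit 1
# Arguments: $1 - optional parameter
# Returns:   the status of executeFix for the single-pass case
execute() {
  local exec_param
  # printf rather than echo: echo would swallow a parameter such as -n or -e
  # and the script would then run the fix as if no parameter had been given.
  # The tr classes are quoted: unquoted, [:upper:] and [:lower:] are glob
  # patterns that expand to single-letter file names in the current directory.
  exec_param=$( printf '%s' "${1-}" | tr '[:upper:]' '[:lower:]' )

  case "${exec_param}" in
    '-p')
      prepareScript
      executePollingMode
      ;;
    '-?'|'--?'|'/?'|'-h'|'--h'|'/h'|'-help'|'--help'|'/help'|'help')
      showUsage
      exit 1
      ;;
    '')
      prepareScript
      executeFix
      return ${?}
      ;;
    *)
      echo "ERROR: Unknown parameter '${exec_param}' specified"
      showUsage
      exit 1
      ;;
  esac
}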
# Entry point: pass every command-line argument through unchanged.
execute "$@"