From owner-freebsd-bugs@FreeBSD.ORG  Fri Aug  3 15:00:07 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 43AD216A41F
	for <freebsd-bugs@hub.freebsd.org>;
	Fri,  3 Aug 2007 15:00:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 1EA7D13C46A
	for <freebsd-bugs@hub.freebsd.org>;
	Fri,  3 Aug 2007 15:00:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l73F06As021760
	for <freebsd-bugs@freefall.freebsd.org>; Fri, 3 Aug 2007 15:00:06 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l73F06sr021759;
	Fri, 3 Aug 2007 15:00:06 GMT (envelope-from gnats)
Resent-Date: Fri, 3 Aug 2007 15:00:06 GMT
Resent-Message-Id: <200708031500.l73F06sr021759@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Sergey Matveychuk <sem@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F286816A417
	for <freebsd-gnats-submit@FreeBSD.org>;
	Fri,  3 Aug 2007 14:56:43 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id DDE4013C45A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Fri,  3 Aug 2007 14:56:43 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l73Euh3A053946
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 3 Aug 2007 14:56:43 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l73EuhGm053945;
	Fri, 3 Aug 2007 14:56:43 GMT (envelope-from nobody)
Message-Id: <200708031456.l73EuhGm053945@www.freebsd.org>
Date: Fri, 3 Aug 2007 14:56:43 GMT
From: Sergey Matveychuk <sem@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.0
Cc: 
Subject: bin/115172: ipfw list show some rules with a wrong format
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Aug 2007 15:00:07 -0000


>Number:         115172
>Category:       bin
>Synopsis:       ipfw list show some rules with a wrong format
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 03 15:00:06 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Sergey Matveychuk
>Release:        
>Organization:
>Environment:
FreeBSD orange.yandex.net 6.2-STABLE FreeBSD 6.2-STABLE #3: Mon Jul 30 16:35:23 UTC 2007     root@orange.yandex.net:/usr/obj/usr/src/sys/ORANGE  i386

>Description:
I think quite many people met a situation when you want to save current rules with 'ipfw list' command and use it as ipfw input afterwards? (Yes, you should add a 'add' word before each line). But here we meet a weird problem: 'ipfw list' outputs a wrong rule format sometime and you can't use it without a modification.

The problem with 'to { ... or ... }' blocks. Let's see an example:
you add the rule:
ipfw add 100 allow tcp from { 10.10.10.1 or 10.10.10.2 } to { 10.10.10.3 or 10.10.10.4 or 10.10.10.5 }

adn it's showed as:
00100 allow tcp from { 10.10.10.1 or 10.10.10.2 } to { 10.10.10.3 or dst-ip 10.10.10.4 or dst-ip 10.10.10.5 }

dst-ip words are wrong here. if you'll try to add the rule in this format you get an error:
ipfw: missing ")"

I think it's a known and long standing problem.
(I've found it's introduced with the commit: Revision 1.11:
Mon Aug 19 04:52:15 2002 UTC (4 years, 11 months ago) by luigi )

After investigation I've found a strange assumption in show_prerequisites() function. It looks wrong. So I think we can remove it easily. It'll fix the problem. I've tried a lot of syntax variants and I can't see something wrong in output after the modification.
>How-To-Repeat:
see above
>Fix:
--- sbin/ipfw/ipfw2.c.orig	Thu Aug  2 13:44:45 2007
+++ sbin/ipfw/ipfw2.c	Thu Aug  2 15:17:44 2007
@@ -1394,9 +1394,6 @@
 {
 	if (comment_only)
 		return;
-	if ( (*flags & HAVE_IP) == HAVE_IP)
-		*flags |= HAVE_OPTIONS;
-
 	if ( !(*flags & HAVE_OPTIONS)) {
 		if ( !(*flags & HAVE_PROTO) && (want & HAVE_PROTO))
 			if ( (*flags & HAVE_PROTO4))


>Release-Note:
>Audit-Trail:
>Unformatted: