From owner-freebsd-bugs@FreeBSD.ORG  Sun Apr 29 16:10:02 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0CCA916A401
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 29 Apr 2007 16:10:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.freebsd.org (Postfix) with ESMTP id DABF713C469
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 29 Apr 2007 16:10:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l3TGA1xU034503
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 29 Apr 2007 16:10:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l3TGA1Nn034502;
	Sun, 29 Apr 2007 16:10:01 GMT (envelope-from gnats)
Resent-Date: Sun, 29 Apr 2007 16:10:01 GMT
Resent-Message-Id: <200704291610.l3TGA1Nn034502@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"Andrey V. Elsukov" <bu7cher@yandex.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 8E14B16A400
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 29 Apr 2007 16:09:33 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from properlan.net (properlan.net [82.211.139.89])
	by mx1.freebsd.org (Postfix) with ESMTP id 66D1513C448
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 29 Apr 2007 16:09:32 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from btr-nb.properlan.net ([10.0.12.48])
	by properlan.net with esmtp (Exim 4.50) id 1HiBkH-0000r2-Dm
	for FreeBSD-gnats-submit@freebsd.org; Sun, 29 Apr 2007 19:55:29 +0400
Received: by btr-nb.properlan.net (Postfix, from userid 1001)
	id 861E017011; Sun, 29 Apr 2007 19:55:29 +0400 (MSD)
Message-Id: <20070429155529.861E017011@btr-nb.properlan.net>
Date: Sun, 29 Apr 2007 19:55:29 +0400 (MSD)
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: bin/112244: [patch][ipfw] Incorrect output of rule with the MAC
	option
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Apr 2007 16:10:02 -0000


>Number:         112244
>Category:       bin
>Synopsis:       [patch][ipfw] Incorrect output of rule with the MAC option
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 29 16:10:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Andrey V. Elsukov
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD btr-nb.properlan.net 7.0-CURRENT FreeBSD 7.0-CURRENT #11: Sat Apr 21 18:17:26 MSD 2007 root@btr-nb.properlan.net:/usr/obj/usr/src/sys/BTR i386

>Description:
        The ipfw(8) show incorrect rule in some cases when used the MAC option.
        An example:
        > sudo ipfw add 100 count icmp from any to any MAC any any
        00100 count icmp MAC any any any

        "count icmp MAC any any any" is not the same that "count icmp from any to any MAC any any"
>How-To-Repeat:
        > sudo ipfw add 100 count icmp from any to any MAC any any
        00100 count icmp MAC any any any
>Fix:

	

--- ipfw2.c.diff begins here ---
--- src/sbin/ipfw/ipfw2.c	Sun Jan  7 06:02:02 2007
+++ src/sbin/ipfw/ipfw2.c	Mon Apr 16 22:07:01 2007
@@ -1400,10 +1400,8 @@
 #define	HAVE_PROTO	0x0001
 #define	HAVE_SRCIP	0x0002
 #define	HAVE_DSTIP	0x0004
-#define	HAVE_MAC	0x0008
-#define	HAVE_MACTYPE	0x0010
-#define	HAVE_PROTO4	0x0040
-#define	HAVE_PROTO6	0x0080
+#define	HAVE_PROTO4	0x0008
+#define	HAVE_PROTO6	0x0010
 #define	HAVE_OPTIONS	0x8000
 
 #define	HAVE_IP		(HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP)
@@ -1415,16 +1413,6 @@
 	if ( (*flags & HAVE_IP) == HAVE_IP)
 		*flags |= HAVE_OPTIONS;
 
-	if ( (*flags & (HAVE_MAC|HAVE_MACTYPE|HAVE_OPTIONS)) == HAVE_MAC &&
-	     cmd != O_MAC_TYPE) {
-		/*
-		 * mac-type was optimized out by the compiler,
-		 * restore it
-		 */
-		printf(" any");
-		*flags |= HAVE_MACTYPE | HAVE_OPTIONS;
-		return;
-	}
 	if ( !(*flags & HAVE_OPTIONS)) {
 		if ( !(*flags & HAVE_PROTO) && (want & HAVE_PROTO))
 			if ( (*flags & HAVE_PROTO4))
@@ -1680,28 +1668,6 @@
 		case O_PROBE_STATE:
 			break; /* no need to print anything here */
 
-		case O_MACADDR2: {
-			ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
-
-			if ((cmd->len & F_OR) && !or_block)
-				printf(" {");
-			if (cmd->len & F_NOT)
-				printf(" not");
-			printf(" MAC");
-			flags |= HAVE_MAC;
-			print_mac(m->addr, m->mask);
-			print_mac(m->addr + 6, m->mask + 6);
-			}
-			break;
-
-		case O_MAC_TYPE:
-			if ((cmd->len & F_OR) && !or_block)
-				printf(" {");
-			print_newports((ipfw_insn_u16 *)cmd, IPPROTO_ETHERTYPE,
-				(flags & HAVE_OPTIONS) ? cmd->opcode : 0);
-			flags |= HAVE_MAC | HAVE_MACTYPE | HAVE_OPTIONS;
-			break;
-
 		case O_IP_SRC:
 		case O_IP_SRC_LOOKUP:
 		case O_IP_SRC_MASK:
@@ -1809,6 +1775,21 @@
 			if (cmd->len & F_NOT && cmd->opcode != O_IN)
 				printf(" not");
 			switch(cmd->opcode) {
+			case O_MACADDR2: {
+				ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+
+				printf(" MAC");
+				print_mac(m->addr, m->mask);
+				print_mac(m->addr + 6, m->mask + 6);
+				}
+				break;
+
+			case O_MAC_TYPE:
+				print_newports((ipfw_insn_u16 *)cmd,
+						IPPROTO_ETHERTYPE, cmd->opcode);
+				break;
+
+
 			case O_FRAG:
 				printf(" frag");
 				break;
--- ipfw2.c.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: