Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 11 Jul 2003 23:53:16 -0700 (PDT)
From:      Luigi Rizzo <luigi@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sbin/ipfw ipfw2.c
Message-ID:  <200307120653.h6C6rG7e012184@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
luigi       2003/07/11 23:53:16 PDT

  FreeBSD src repository

  Modified files:
    sbin/ipfw            ipfw2.c 
  Log:
  In random order:
  
  * make the code compile with WARNS=5 (at least on i386), mostly
    by adding 'const' specifier and replacing "void *" with "char *"
    in places where pointer arithmetic was used.
    This also spotted a few places where invalid tests (e.g. uint < 0)
    were used.
  
  * support ranges in "list" and "show" commands. Now you can say
  
          ipfw show 100-1000 4000-8000
  
    which is very convenient when you have large rulesets.
  
  * implement comments in ipfw commands. These are implemented in the
    kernel as O_NOP commands (which always match) whose body contains
    the comment string. In userland, a comment is a C++-style comment:
  
          ipfw add allow ip from me to any // i can talk to everybody
  
    The choice of '//' versus '#' is somewhat arbitrary, but because
    the preprocessor/readfile part of ipfw used to strip away '#',
    I did not want to change this behaviour.
  
    If a rule only contains a comment
  
          ipfw add 1000 // this rule is just a comment
  
    then it is stored as a 'count' rule (this is also to remind
    the user that scanning through a rule is expensive).
  
  * improve handling of flags (still to be completed).
    ipfw_main() was written thinking of 'one rule per ipfw invocation',
    and so flags are set and never cleared. With readfile/preprocessor
    support, this changes and certain flags should be reset on each
    line. For the time being, only fix handling of '-a' which
    differentiates the "list" and "show" commands.
  
  * rework the preprocessor support -- ipfw_main() already had most
    of the parsing code, so i have moved in there the only missing
    bit (stripping away '#' and comments) and removed the parsing
    from ipfw_readfile().
    Also, add some more options (such as -c, -N, -S) to the readfile
    section.
  
  MFC after: 3 days
  
  Revision  Changes    Path
  1.32      +277 -218  src/sbin/ipfw/ipfw2.c

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307120653.h6C6rG7e012184>