Date: Mon, 15 Sep 2003 03:54:04 -0700
From: Luigi Rizzo
To: ipfw@freebsd.org
Message-ID: <20030915035404.A77950@xorpc.icir.org>
Subject: proposed ipfw2 patch
List-Id: IPFW Technical Discussions

Hi,
the following code implements a '-b' flag for ipfw so that it only prints rule numbers, counters, action and comment -- basically it skips the body of the rule, which can be extremely long if you use extensively address lists or sets. In these cases, a comment might prove more useful to read.

I believe we do not have time to put this in 4.9 but maybe someone will find it useful.

cheers
luigi

Index: ipfw2.c =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.4.2.18 diff -u -r1.4.2.18 ipfw2.c --- ipfw2.c 15 Sep 2003 10:27:03 -0000 1.4.2.18 +++ ipfw2.c 15 Sep 2003 10:48:02 -0000 @@ -65,6 +65,7 @@ do_compact, /* show rules in compact mode */ show_sets, /* display rule sets */ test_only, /* only check syntax */ + comment_only, /* only print action and comment */ verbose; #define IP_MASK_ALL 0xffffffff @@ -850,6 +851,8 @@ static void show_prerequisites(int *flags, int want, int cmd) { + if (comment_only) + return; if ( (*flags & HAVE_IP) == HAVE_IP) *flags |= HAVE_OPTIONS; @@ -880,7 +883,7 @@ static int twidth = 0; int l; ipfw_insn *cmd; - char *comment = NULL; /* ptr to comment if we have one */ + const char * comment = NULL; /* ptr to comment if we have one */ int proto = 0; /* default */ int flags = 0; /* prerequisites */ ipfw_insn_log *logptr = NULL; /* set if we find an O_LOG */ 
@@ -1030,11 +1033,21 @@ flags |= HAVE_IP | HAVE_OPTIONS; } + if (comment_only) + comment = "..."; + for (l = rule->act_ofs, cmd = rule->cmd ; l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) { /* useful alias */ ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd; + if (comment_only) { + if (cmd->opcode != O_NOP) + continue; + printf(" // %s\n", (char *)(cmd + 1)); + return; + } + show_prerequisites(&flags, 0, cmd->opcode); switch(cmd->opcode) { @@ -3682,10 +3695,15 @@ save_av = av; optind = optreset = 0; - while ((ch = getopt(ac, av, "acdefhnNqs:STtv")) != -1) + while ((ch = getopt(ac, av, "abcdefhnNqs:STtv")) != -1) switch (ch) { case 'a': do_acct = 1; + break; + + case 'b': + comment_only = 1; + do_compact = 1; break; case 'c':
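Review bot: in the show_prerequisites() hunk (@@ -850,6 +851,8 @@), the new `if (comment_only) return;` guard makes the helper depend on a global mode flag with no comment saying why. The match loop in the @@ -1030 hunk already reaches `continue` or `return` before its own show_prerequisites() call whenever comment_only is set, so this guard only matters for callers outside that loop. Add a one-line comment naming those callers, or skip the call at the call sites so the helper stays free of mode checks.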
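Review bot: in the @@ -880,7 +883,7 @@ hunk, `const char * comment` puts a space after the asterisk, unlike the neighbouring declarations `ipfw_insn *cmd;` and `ipfw_insn_log *logptr`. Write it as `const char *comment` to match.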
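Review bot: in the @@ -1030,11 +1033,21 @@ hunk, the comment_only branch prints `(char *)(cmd + 1)` for every O_NOP without checking that the instruction carries a payload. If an O_NOP with an F_LEN(cmd) of 1 can reach this loop, the printf reads the following instruction as a string; guard it with a length test, or add a comment stating that an O_NOP always holds a NUL-terminated string. The `return` inside the loop also prints its own newline and skips everything after the loop, while rules without a comment fall through carrying the `"..."` placeholder. Assuming the code after the loop prints `comment`, as the placeholder suggests, setting `comment = (char *)(cmd + 1)` and using `break` would send both cases through a single exit path.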
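Review bot: in the getopt hunk (@@ -3682,10 +3695,15 @@), `case 'b'` also sets `do_compact = 1`, so -b silently implies -c, and nothing in this diff adds the new flag to the usage text or the manual page. Document -b, including that it turns on compact mode, and put a short comment next to the `do_compact = 1` assignment explaining the coupling.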