Date: Fri, 10 Aug 2007 09:50:08 GMT From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> To: freebsd-ipfw@FreeBSD.org Subject: Re: bin/115372: [ipfw]: "ipfw show" prints ill result. Message-ID: <200708100950.l7A9o8WP000994@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/115372; it has been noted by GNATS. From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> To: bug-followup@FreeBSD.org, "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: Maxim Konovalov <maxim@FreeBSD.org>, Oleg Bulyzhin <oleg@FreeBSD.org> Subject: Re: bin/115372: [ipfw]: "ipfw show" prints ill result. Date: Fri, 10 Aug 2007 18:30:58 +0900 Hello, "Andrey V. Elsukov" <bu7cher@yandex.ru> wrote: > this bug was not introduced by mentioned commit. > You can see this bug also with following rules: > # ipfw add allow ip from any to any not ipid 1,2,3,4,5 > # ipfw add allow ip from any to any not ipttl 1,2,3,4,5 > # ipfw add allow ip from any to any not iplen 1,2,3,4,5 > and "not tcpdatalen 1,2,3,4", "not tagged 1,2,3,4". That's right. I tried some of above, and the previous version can produce duplicated "not". On my FreeBSD 6-STABLE host, the patch should be modified (only about line numbers), like following; @@ -632,8 +632,6 @@ int i; char const *sep; - if (cmd->o.len & F_NOT) - printf(" not"); if (opcode != 0) { sep = match_value(_port_name, opcode); if (sep == NULL) @@ -1715,6 +1713,8 @@ show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0); if ((cmd->len & F_OR) && !or_block) printf(" {"); + if (cmd->len & F_NOT) + printf(" not"); print_newports((ipfw_insn_u16 *)cmd, proto, (flags & HAVE_OPTIONS) ? cmd->opcode : 0); break; However, I do not know whether it is perfect or insufficient. Please fix as you think good. Thank you for your follow-up and patch.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708100950.l7A9o8WP000994>