Date: Fri, 11 Jun 2004 14:23:51 +0300
From: Ruslan Ermilov <ru@FreeBSD.org>
To: Luigi Rizzo <rizzo@icir.org>
Cc: ipfw@FreeBSD.org
Subject: Re: wrong output syntax in ipfw(8)
Message-ID: <20040611112351.GB434@ip.net.ua>
In-Reply-To: <20040611092900.GA434@ip.net.ua>
References: <200406092010.i59KAcXH025699@repoman.freebsd.org> <20040610214059.GA3228@ip.net.ua> <200406110151.17372.max@love2party.net> <20040611072136.GB55472@ip.net.ua> <20040611021113.A73239@xorpc.icir.org> <20040611092900.GA434@ip.net.ua>

On Fri, Jun 11, 2004 at 12:29:00PM +0300, Ruslan Ermilov wrote:
> Luigi,
>
> While we're on the IPFW2 topic, I noticed one glitch when
> printing IPFW2 rules:
>
> OK:
>
> # ipfw add 1 count ip from { 1 or 2 } to any
> 00001 count ip from { 0.0.0.1 or 0.0.0.2 } to any
>
> Wrong:
>
> # ipfw add 1 count ip from any to { 1 or 2 }
> 00001 count ip from any to { 0.0.0.1 or dst-ip 0.0.0.2 }
>
> This happens because when we get to printing the 0.0.0.2,
> all 3-tuple (proto, src-ip, and dst-ip) is already defined.
> As such, HAVE_OPTIONS is set, so " dst-ip" is prepended.
> Can you fix it, as I'm lost in debris of ipfw2.c? ;)
>
> P.S. Yes, I'm well aware of the first paragraph of the
> ipfw(8) manpage. ;)
>

So far, I've come up with the following patch. It's odd and very
hackish but seems to DTRT:

%%%
--- ipfw2.c~ Fri Jun 11 12:05:56 2004 +++ ipfw2.c Fri Jun 11 13:01:13 2004 @@ -860,7 +860,7 @@ print_icmptypes(ipfw_insn_u32 *cmd) static void show_prerequisites(int *flags, int want, int cmd) { - if ( (*flags & HAVE_IP) =3D=3D HAVE_IP) + if ( !cmd && (*flags & HAVE_IP) =3D=3D HAVE_IP) *flags |=3D HAVE_OPTIONS; =20 if ( (*flags & (HAVE_MAC|HAVE_MACTYPE|HAVE_OPTIONS)) =3D=3D HAVE_MAC && 
@@ -1096,15 +1096,21 @@ show_ipfw(struct ip_fw *rule, int pcwidt case O_IP_DST_MASK: case O_IP_DST_ME: case O_IP_DST_SET: + { + int saved_flags =3D flags; + show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0); if (!(flags & HAVE_DSTIP)) printf(" to"); if ((cmd->len & F_OR) && !or_block) printf(" {"); + if (or_block && !(saved_flags & HAVE_OPTIONS)) + flags &=3D ~HAVE_OPTIONS; print_ip((ipfw_insn_ip *)cmd, (flags & HAVE_OPTIONS) ? " dst-ip" : ""); flags |=3D HAVE_DSTIP; break; + } =20 case O_IP_DSTPORT: show_prerequisites(&flags, HAVE_IP, 0);
%%%

If someone has a better fix, please let me know. ;)

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
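
Review bot: in the show_prerequisites() hunk (@@ -860,7 +860,7 @@), the new "!cmd &&" guard gives the cmd argument a second, undocumented meaning: a non-zero cmd now suppresses setting HAVE_OPTIONS, and nothing in the function says why. The O_IP_DST* case in the second hunk calls show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0), so for that call the guard is a no-op and the output fix comes entirely from the saved_flags logic. Either drop this change if the "{ 1 or 2 }" destination case does not need it, or add a comment naming which callers pass a non-zero cmd and why they must not set HAVE_OPTIONS.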
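
Review bot: in the show_ipfw() hunk (@@ -1096,15 +1096,21 @@), "flags &= ~HAVE_OPTIONS" undoes a side effect of the show_prerequisites() call made a few statements earlier and leaves the bit cleared in flags after the break, although its only use in this case is choosing the print_ip() prefix. Computing the prefix into a local would avoid mutating the shared state, for example printing " dst-ip" only when (flags & HAVE_OPTIONS) && (!or_block || (saved_flags & HAVE_OPTIONS)). In either form the block needs a comment saying that inside an or-block the dst-ip keyword is printed only if options had already started before this instruction, since the saved_flags snapshot is otherwise hard to follow.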