Date:      Tue, 20 Feb 2001 21:13:38 -0500 (EST)
From:      "James E. Housley" <housley@thehousleys.net>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/25241: ipfw shouldn't show dynamics rules when specific rules are requested
Message-ID:  <200102210213.f1L2Dcg14055@baby.int.thehousleys.net>


>Number:         25241
>Category:       bin
>Synopsis:       ipfw shouldn't show dynamics rules when specific rules are requested
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 20 18:20:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     James E. Housley
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
The Housleys dot Net
>Environment:

	4.2-STABLE

>Description:

	When using ipfw in a stateful mode all the current dynamic rules
	are displayed even when specific rules are requested.  The attached
	patch only displays the dynamic rules when no specific rules are
	requested.

	A better solution might be to bring "Display Dynamic" into a
	separate function, thus allowing the static and dynamic rules matching
	a requested rule number to be displayed.

>How-To-Repeat:

	

>Fix:

--- ipfw.c.orig	Fri Jan 12 11:32:32 2001
+++ ipfw.c	Tue Feb 20 21:09:00 2001
@@ -718,6 +718,44 @@
 
 			show_ipfw(r, pcwidth, bcwidth);
 		}
+	        /*
+	         * show dynamic rules
+	         */
+	        if (num * sizeof (rules[0]) != nbytes ) {
+	            struct ipfw_dyn_rule *d =
+	                    (struct ipfw_dyn_rule *)&rules[num] ;
+	            struct in_addr a ;
+		    struct protoent *pe;
+	 
+	            printf("## Dynamic rules:\n");
+	            for (;; d++) {
+	                printf("%05d %qu %qu (T %d, # %d) ty %d",
+	                    (int)(d->chain),
+	                    d->pcnt, d->bcnt,
+	                    d->expire,
+	                    d->bucket,
+	                    d->type);
+			pe = getprotobynumber(d->id.proto);
+			if (pe)
+				printf(" %s,", pe->p_name);
+			else
+				printf(" %u,", d->id.proto);
+	                a.s_addr = htonl(d->id.src_ip);
+	                printf(" %s", inet_ntoa(a));
+	                printf(" %d", d->id.src_port);
+	                switch (d->type) {
+	                default: /* bidir, no mask */
+	                    printf(" <->");
+	                    break ;
+	                }
+	                a.s_addr = htonl(d->id.dst_ip);
+	                printf(" %s", inet_ntoa(a));
+	                printf(" %d", d->id.dst_port);
+	                printf("\n");
+	                if (d->next == NULL)
+	                    break ;
+	            }
+	        }
 	} else {
 		/* display specific rules requested on command line */
 		int exitval = EX_OK;
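Review bot: The relocated dynamic-rule loop (`for (;; d++)`) stops only when `d->next == NULL`, so termination depends on a pointer value copied out of the kernel, not on the size of the buffer being walked. The guard above it already uses `nbytes`, so the walk could be bounded the same way, e.g. `struct ipfw_dyn_rule *end = (struct ipfw_dyn_rule *)((char *)rules + nbytes);` with `for (; d + 1 <= end; d++)`. This assumes `nbytes` counts from the start of `rules`, as `&rules[num]` and the guard suggest; confirm against the getsockopt call outside this hunk. Without a bound, a snapshot whose last entry carries a non-NULL `next` (or a trailing partial record, which also satisfies the `!=` guard) would let the printf calls read past the end of `data`. The enclosing function starts outside the hunk, and the moved lines mix spaces and tabs where the surrounding code is tab-indented.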
@@ -754,44 +792,6 @@
 		if (exitval != EX_OK)
 			exit(exitval);
 	}
-        /*
-         * show dynamic rules
-         */
-        if (num * sizeof (rules[0]) != nbytes ) {
-            struct ipfw_dyn_rule *d =
-                    (struct ipfw_dyn_rule *)&rules[num] ;
-            struct in_addr a ;
-	    struct protoent *pe;
- 
-            printf("## Dynamic rules:\n");
-            for (;; d++) {
-                printf("%05d %qu %qu (T %d, # %d) ty %d",
-                    (int)(d->chain),
-                    d->pcnt, d->bcnt,
-                    d->expire,
-                    d->bucket,
-                    d->type);
-		pe = getprotobynumber(d->id.proto);
-		if (pe)
-			printf(" %s,", pe->p_name);
-		else
-			printf(" %u,", d->id.proto);
-                a.s_addr = htonl(d->id.src_ip);
-                printf(" %s", inet_ntoa(a));
-                printf(" %d", d->id.src_port);
-                switch (d->type) {
-                default: /* bidir, no mask */
-                    printf(" <->");
-                    break ;
-                }
-                a.s_addr = htonl(d->id.dst_ip);
-                printf(" %s", inet_ntoa(a));
-                printf(" %d", d->id.dst_port);
-                printf("\n");
-                if (d->next == NULL)
-                    break ;
-            }
-        }
 
 	free(data);
 }

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message



