From owner-freebsd-bugs  Tue Feb 20 18:20: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 68A5C37B503
	for <freebsd-bugs@hub.freebsd.org>; Tue, 20 Feb 2001 18:20:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f1L2K1v42853;
	Tue, 20 Feb 2001 18:20:01 -0800 (PST)
	(envelope-from gnats)
Received: from baby.int.thehousleys.net (frenchknot.ne.mediaone.net [24.147.224.201])
	by hub.freebsd.org (Postfix) with ESMTP id 1001037B491
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 20 Feb 2001 18:13:40 -0800 (PST)
	(envelope-from housley@thehousleys.net)
Received: (from housley@localhost)
	by baby.int.thehousleys.net (8.11.2/8.11.2) id f1L2Dcg14055;
	Tue, 20 Feb 2001 21:13:38 -0500 (EST)
	(envelope-from housley)
Message-Id: <200102210213.f1L2Dcg14055@baby.int.thehousleys.net>
Date: Tue, 20 Feb 2001 21:13:38 -0500 (EST)
From: "James E. Housley" <housley@thehousleys.net>
Reply-To: housley@thehousleys.net
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/25241: ipfw shouldn't show dynamics rules when specific rules are requested
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         25241
>Category:       bin
>Synopsis:       ipfw shouldn't show dynamics rules when specific rules are requested
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 20 18:20:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     James E. Housley
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
The Housleys dot Net
>Environment:

	4.2-STABLE

>Description:

	When using ipfw in a stateful mode all the current dynamic rules
	are displayed even when specific rules are requested.  The attached
	patch only displays the dynamic rules when no specific rules are
	requested.

	A better solution might be to bring "Display Dynamic" into a
	seperate function.  Thus allowing the static and dynamic rules matching
	a requested rule number to be displayed.

>How-To-Repeat:

	

>Fix:

--- ipfw.c.orig	Fri Jan 12 11:32:32 2001
+++ ipfw.c	Tue Feb 20 21:09:00 2001
@@ -718,6 +718,44 @@
 
 			show_ipfw(r, pcwidth, bcwidth);
 		}
+	        /*
+	         * show dynamic rules
+	         */
+	        if (num * sizeof (rules[0]) != nbytes ) {
+	            struct ipfw_dyn_rule *d =
+	                    (struct ipfw_dyn_rule *)&rules[num] ;
+	            struct in_addr a ;
+		    struct protoent *pe;
+	 
+	            printf("## Dynamic rules:\n");
+	            for (;; d++) {
+	                printf("%05d %qu %qu (T %d, # %d) ty %d",
+	                    (int)(d->chain),
+	                    d->pcnt, d->bcnt,
+	                    d->expire,
+	                    d->bucket,
+	                    d->type);
+			pe = getprotobynumber(d->id.proto);
+			if (pe)
+				printf(" %s,", pe->p_name);
+			else
+				printf(" %u,", d->id.proto);
+	                a.s_addr = htonl(d->id.src_ip);
+	                printf(" %s", inet_ntoa(a));
+	                printf(" %d", d->id.src_port);
+	                switch (d->type) {
+	                default: /* bidir, no mask */
+	                    printf(" <->");
+	                    break ;
+	                }
+	                a.s_addr = htonl(d->id.dst_ip);
+	                printf(" %s", inet_ntoa(a));
+	                printf(" %d", d->id.dst_port);
+	                printf("\n");
+	                if (d->next == NULL)
+	                    break ;
+	            }
+	        }
 	} else {
 		/* display specific rules requested on command line */
 		int exitval = EX_OK;
@@ -754,44 +792,6 @@
 		if (exitval != EX_OK)
 			exit(exitval);
 	}
-        /*
-         * show dynamic rules
-         */
-        if (num * sizeof (rules[0]) != nbytes ) {
-            struct ipfw_dyn_rule *d =
-                    (struct ipfw_dyn_rule *)&rules[num] ;
-            struct in_addr a ;
-	    struct protoent *pe;
- 
-            printf("## Dynamic rules:\n");
-            for (;; d++) {
-                printf("%05d %qu %qu (T %d, # %d) ty %d",
-                    (int)(d->chain),
-                    d->pcnt, d->bcnt,
-                    d->expire,
-                    d->bucket,
-                    d->type);
-		pe = getprotobynumber(d->id.proto);
-		if (pe)
-			printf(" %s,", pe->p_name);
-		else
-			printf(" %u,", d->id.proto);
-                a.s_addr = htonl(d->id.src_ip);
-                printf(" %s", inet_ntoa(a));
-                printf(" %d", d->id.src_port);
-                switch (d->type) {
-                default: /* bidir, no mask */
-                    printf(" <->");
-                    break ;
-                }
-                a.s_addr = htonl(d->id.dst_ip);
-                printf(" %s", inet_ntoa(a));
-                printf(" %d", d->id.dst_port);
-                printf("\n");
-                if (d->next == NULL)
-                    break ;
-            }
-        }
 
 	free(data);
 }

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message