From owner-svn-src-all@freebsd.org  Sun Nov 18 00:28:58 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1495110CF8A;
 Sun, 18 Nov 2018 00:28:57 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8A3A788F16;
 Sun, 18 Nov 2018 00:28:57 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 508D83B6D;
 Sun, 18 Nov 2018 00:28:57 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAI0Sv0m088207;
 Sun, 18 Nov 2018 00:28:57 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAI0SvFf088206;
 Sun, 18 Nov 2018 00:28:57 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201811180028.wAI0SvFf088206@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Sun, 18 Nov 2018 00:28:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340539 - in stable/11: sbin/ipfw sys/netinet
X-SVN-Group: stable-11
X-SVN-Commit-Author: ae
X-SVN-Commit-Paths: in stable/11: sbin/ipfw sys/netinet
X-SVN-Commit-Revision: 340539
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 8A3A788F16
X-Spamd-Result: default: False [-0.11 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_SHORT(-0.11)[-0.107,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Nov 2018 00:28:58 -0000

Author: ae
Date: Sun Nov 18 00:28:56 2018
New Revision: 340539
URL: https://svnweb.freebsd.org/changeset/base/340539

Log:
  MFC r339539:
    Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,
    that was added using "new rule format". And then, when the kernel
    returns rule with this flag, ipfw(8) can correctly show it.
  
    Reported by:	lev
    Sponsored by:	Yandex LLC
    Differential Revision:	https://reviews.freebsd.org/D17373

Modified:
  stable/11/sbin/ipfw/ipfw2.c
  stable/11/sys/netinet/ip_fw.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/11/sbin/ipfw/ipfw2.c	Sun Nov 18 00:27:47 2018	(r340538)
+++ stable/11/sbin/ipfw/ipfw2.c	Sun Nov 18 00:28:56 2018	(r340539)
@@ -2207,6 +2207,12 @@ show_static_rule(struct cmdline_opts *co, struct forma
 	 */
 	if (co->comment_only != 0)
 		goto end;
+
+	if (rule->flags & IPFW_RULE_JUSTOPTS) {
+		state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP;
+		goto justopts;
+	}
+
 	print_proto(bp, fo, &state);
 
 	/* Print source */
@@ -2219,6 +2225,7 @@ show_static_rule(struct cmdline_opts *co, struct forma
 	print_address(bp, fo, &state, dst_opcodes, nitems(dst_opcodes),
 	    O_IP_DSTPORT, HAVE_DSTIP);
 
+justopts:
 	/* Print the rest of options */
 	while (print_opcode(bp, fo, &state, -1))
 		;
@@ -4340,8 +4347,10 @@ chkarg:
 		}
 	} else if (first_cmd != cmd) {
 		errx(EX_DATAERR, "invalid protocol ``%s''", *av);
-	} else
+	} else {
+		rule->flags |= IPFW_RULE_JUSTOPTS;
 		goto read_options;
+	}
     OR_BLOCK(get_proto);
 
 	/*

Modified: stable/11/sys/netinet/ip_fw.h
==============================================================================
--- stable/11/sys/netinet/ip_fw.h	Sun Nov 18 00:27:47 2018	(r340538)
+++ stable/11/sys/netinet/ip_fw.h	Sun Nov 18 00:28:56 2018	(r340539)
@@ -613,6 +613,7 @@ struct ip_fw_rule {
 	ipfw_insn	cmd[1];		/* storage for commands		*/
 };
 #define	IPFW_RULE_NOOPT		0x01	/* Has no options in body	*/
+#define	IPFW_RULE_JUSTOPTS	0x02	/* new format of rule body	*/
 
 /* Unaligned version */