Date: Tue, 11 Dec 2018 17:55:34 +0100
From: Claudio Eichenberger <cei@yourshop.com>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Message-ID: <20181211165534.GA13363@yourshop.com>
In-Reply-To: <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>
References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com> <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>
I didn't install anything. I applied the patches to this file /usr/src/sbin/ipfw/ipfw2.c compiled the kernel & booted On 2018-12-11 17:22:32, Andrey V. Elsukov wrote: > On 11.12.2018 16:01, Claudio Eichenberger wrote: > > Hello Andrey, > > > > I applied both patches: > > > > > > sigma# diff -u ipfw2.c-000 ipfw2.c > > --- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100 > > +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100 > > @@ -1251,7 +1251,8 @@ > > (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? > > 32 : contigmask((uint8_t *)&(a[1]), 32); > > if (mb == 32 && co.do_resolv) > > - he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET); > > + he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t), > > + AF_INET); > > if (he != NULL) /* resolved to name */ > > bprintf(bp, "%s", he->h_name); > > else if (mb == 0) /* any */ > > @@ -1492,6 +1493,7 @@ > > bprintf(bp, " %s", pe->p_name); > > else > > bprintf(bp, " %u", cmd->arg1); > > + state->proto = cmd->arg1; > > break; > > case O_MACADDR2: > > print_mac(bp, insntod(cmd, mac)); > > @@ -1963,10 +1965,10 @@ > > struct show_state *state) > > { > > ipfw_insn *cmd; > > - int l, proto, ip4, ip6, tmp; > > + int l, proto, ip4, ip6; > > > > /* Count all O_PROTO, O_IP4, O_IP6 instructions. */ > > - proto = tmp = ip4 = ip6 = 0; > > + proto = ip4 = ip6 = 0; > > for (l = state->rule->act_ofs, cmd = state->rule->cmd; > > l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { > > switch (cmd->opcode) { 
> > @@ -2002,18 +2004,13 @@ > > if (cmd == NULL || (cmd->len & F_OR)) > > for (l = proto; l > 0; l--) { > > cmd = print_opcode(bp, fo, state, O_PROTO); > > - if (cmd != NULL && (cmd->len & F_OR) == 0) > > + if (cmd == NULL || (cmd->len & F_OR) == 0) > > break; > > - tmp = cmd->arg1; > > } > > /* Initialize proto, it is used by print_newports() */ > > - if (tmp != 0) > > - state->proto = tmp; > > - else if (ip6 != 0) > > - state->proto = IPPROTO_IPV6; > > - else > > - state->proto = IPPROTO_IP; > > state->flags |= HAVE_PROTO; > > + if (state->proto == 0 && ip6 != 0) > > + state->proto = IPPROTO_IPV6; > > } > > > > static int > > > > > > unfortunately, ipfw -N show still doesn't print the protocols: > > > > 00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0 > > > Did you reinstall the patched version of ipfw(8)? > > # ipfw add count tcp from any to ya.ru 443 out xmit lagg0 > 00100 count tcp from any to 87.250.250.242 443 out xmit lagg0 > # ipfw -N show 100 > 00100 0 0 count tcp from any to ya.ru https out xmit lagg0 > > > -- > WBR, Andrey V. Elsukov > -- Tel +41 21 67 17 111 mailto:cei@yourshop.com https://YourShop.com "But Israel will be saved by the LORD with an everlasting salvation; you will never be put to shame or disgraced, to ages everlasting." -- Isaiah 45:17 https://www.youtube.com/DannyAyalon
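Review bot: in the hunk at @@ -1251,7 +1251,8 @@, the length argument to gethostbyaddr() is still written independently of the object being passed, which is how the sizeof(u_long) mismatch could arise in the first place. If a[0] holds the 32-bit IPv4 address (its declaration is outside the visible context), sizeof(a[0]) would keep pointer and length tied together. The following `if (he != NULL)` is also reached when the lookup is skipped, so it depends on he being set to NULL earlier in the function, which the hunk does not show and is worth confirming.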
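Review bot: in the hunk at @@ -1492,6 +1493,7 @@, the added `state->proto = cmd->arg1;` gives a print routine a side effect on state, and it runs for every O_PROTO that gets printed. The loop in the last hunk calls print_opcode(bp, fo, state, O_PROTO) once per protocol in an or-block, so state->proto ends up as whichever protocol was printed last, and that is the value the comment there says print_newports() uses. A one-line comment at the assignment stating which protocol is meant to win would make the intent explicit.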
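Review bot: in the hunk at @@ -2002,18 +2004,13 @@, the default protocol is no longer assigned: with the `else state->proto = IPPROTO_IP;` branch removed, the result is correct only if state->proto is already 0 when this function runs, and the new `state->proto == 0` test also treats 0 as "no protocol was printed". Neither the initialization of struct show_state nor any per-rule reset is visible here, so a value left over from an earlier rule would carry into this one. Consider clearing state->proto at the top of the function, or add a comment naming where it is zeroed. The changed break test `cmd == NULL || (cmd->len & F_OR) == 0` is right to stop on NULL; the old form fell through to `tmp = cmd->arg1` with cmd possibly NULL.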