From owner-freebsd-ipfw Tue Jul 9 22:14: 0 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 27E4637B400 for ; Tue, 9 Jul 2002 22:13:56 -0700 (PDT) Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id BB6B643E42 for ; Tue, 9 Jul 2002 22:13:55 -0700 (PDT) (envelope-from rizzo@iguana.icir.org) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g6A5DlA91136; Tue, 9 Jul 2002 22:13:47 -0700 (PDT) (envelope-from rizzo) Date: Tue, 9 Jul 2002 22:13:47 -0700 From: Luigi Rizzo To: Dan Pelleg Cc: ipfw@freebsd.org Subject: Re: ipfw2 patches for -stable available Message-ID: <20020709221347.A91104@iguana.icir.org> References: <20020709023203.A83270@iguana.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from daniel+bsd@pelleg.org on Tue, Jul 09, 2002 at 10:19:26PM -0400 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi Dan, thanks for the report: > I've only used it briefly. For now it looks ok, with the following observations: > > 1) the "icmptype" option doesn't seem to be supported the manpage lists "icmptypes" (plural) as the option keyword, though it is true that the previous code allowed abbreviations (but those could be ambiguous). I am not sure whether or not it is the case to fix it -- for sure i can add "icmptype" as an alias for "icmptypes" > 2) my "limit" rules are silently converted to "limit all" thanks, that was in fact only a bug in the code to print out the rule, the mask is correctly stored. Fixed. > 3) I'm getting lots of "/kernel: install_state: entry already present, > done" (related to (2)?). this one i cannot reproduce, do you have a small ruleset and input example to send me so i can try and reproduce the problem ? > 4) there's an extra space after "log" in the "ipfw show" output fixed, thanks. Diffs for bugs #1,2,4 are below. cheers luigi Index: ipfw2.c =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.3 diff -u -r1.3 ipfw2.c --- ipfw2.c 8 Jul 2002 19:49:52 -0000 1.3 +++ ipfw2.c 10 Jul 2002 05:12:12 -0000 @@ -315,6 +315,7 @@ { "tcpseq", TOK_TCPSEQ }, { "tcpack", TOK_TCPACK }, { "tcpwin", TOK_TCPWIN }, + { "icmptype", TOK_ICMPTYPES }, { "icmptypes", TOK_ICMPTYPES }, { "not", TOK_NOT }, /* pseudo option */ @@ -850,9 +851,9 @@ } if (logptr) { if (logptr->max_log > 0) - printf(" log logamount %d ", logptr->max_log); + printf(" log logamount %d", logptr->max_log); else - printf(" log "); + printf(" log"); } /* * then print the body @@ -1066,7 +1067,7 @@ printf(" limit"); for ( ; p->x != 0 ; p++) - if (x & p->x) { + if ((x & p->x) == p->x) { x &= ~p->x; printf("%s%s", comma, p->s); comma = ","; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message