Date:      Tue, 11 Dec 2018 14:01:45 +0100
From:      Claudio Eichenberger <cei@yourshop.com>
To:        "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw -N show
Message-ID:  <20181211130145.GC4820@yourshop.com>
In-Reply-To: <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru>
References:  <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru>

Hello Andrey,

I applied both patches:


	sigma# diff -u ipfw2.c-000 ipfw2.c
	--- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100
	+++ ipfw2.c     2018-12-11 13:04:25.132233000 +0100
	@@ -1251,7 +1251,8 @@
		    (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
			32 : contigmask((uint8_t *)&(a[1]), 32);
		if (mb == 32 && co.do_resolv)
	-               he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET);
	+               he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
	+                   AF_INET);
		if (he != NULL)         /* resolved to name */
			bprintf(bp, "%s", he->h_name);
		else if (mb == 0)       /* any */
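
Review bot: in the gethostbyaddr() call, sizeof(in_addr_t) gives the right length for AF_INET but still names a type independently of the buffer being passed, which is how sizeof(u_long) came to be wrong on platforms where u_long is 8 bytes. Consider sizeof(a[0]) so the length follows the object, and add a one-line comment that the length must be the 4-byte IPv4 address size, since a wrong length here makes the lookup fail and the address silently falls through to numeric output.
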
	@@ -1492,6 +1493,7 @@
				bprintf(bp, " %s", pe->p_name);
			else
				bprintf(bp, " %u", cmd->arg1);
	+               state->proto = cmd->arg1;
			break;
		case O_MACADDR2:
			print_mac(bp, insntod(cmd, mac));
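
Review bot: the added state->proto = cmd->arg1; sits in a print routine and runs for every protocol opcode that is printed, so when several protocols are printed in sequence state->proto ends up holding only the last one. If that is intended, a comment on this line saying that the value is recorded for the later port-name lookup would make the side effect visible to the next reader; if it is not, the assignment should be guarded so that only the first (or only a single) protocol is recorded.
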
	@@ -1963,10 +1965,10 @@
	     struct show_state *state)
	 {
		ipfw_insn *cmd;
	-       int l, proto, ip4, ip6, tmp;
	+       int l, proto, ip4, ip6;
	 
		/* Count all O_PROTO, O_IP4, O_IP6 instructions. */
	-       proto = tmp = ip4 = ip6 = 0;
	+       proto = ip4 = ip6 = 0;
		for (l = state->rule->act_ofs, cmd = state->rule->cmd;
		    l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) {
			switch (cmd->opcode) {
	@@ -2002,18 +2004,13 @@
		if (cmd == NULL || (cmd->len & F_OR))
			for (l = proto; l > 0; l--) {
				cmd = print_opcode(bp, fo, state, O_PROTO);
	-                       if (cmd != NULL && (cmd->len & F_OR) == 0)
	+                       if (cmd == NULL || (cmd->len & F_OR) == 0)
					break;
	-                       tmp = cmd->arg1;
			}
		/* Initialize proto, it is used by print_newports() */
	-       if (tmp != 0)
	-               state->proto = tmp;
	-       else if (ip6 != 0)
	-               state->proto = IPPROTO_IPV6;
	-       else
	-               state->proto = IPPROTO_IP;
		state->flags |= HAVE_PROTO;
	+       if (state->proto == 0 && ip6 != 0)
	+               state->proto = IPPROTO_IPV6;
	 }
	 
	 static int
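
Review bot: the new tail, if (state->proto == 0 && ip6 != 0), relies on state->proto already being 0 when this function runs, and nothing in the hunk shows where that happens; the removed else branch set IPPROTO_IP explicitly. Either set state->proto = IPPROTO_IP before the O_PROTO loop or note in a comment that the state is zeroed by the caller and that IPPROTO_IP is 0. The comment "Initialize proto, it is used by print_newports()" now sits above state->flags |= HAVE_PROTO; rather than above the assignment it describes and should move down with it. The change of the break test to cmd == NULL || ... is worth a word in the commit message, since the old test let a NULL cmd reach tmp = cmd->arg1.
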


Unfortunately, ipfw -N show still doesn't print the protocols:

	00800	0     0 allow tcp from any to x.x.x.x 443 in recv bce0


Claudio



On 2018-12-10 19:25:11, Andrey V. Elsukov wrote:
> On 10.12.2018 17:27, Claudio Eichenberger wrote:
> > Hello,
> > 
> > ipfw -N show
> > FreeBSD 11.1  was like this:
> >	00600  712189	84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
> > FreeBSD 11.2  is like this:
> >	00600  712189	84865042 allow tcp from any to x.x.x.x 443 in recv bce0
> > Does a flag exist to make it report the old way?
> > Many thanks in advance for your answer
> 
> Hi,
> 
> I just committed two fixes that should solve your problem:
>	https://svnweb.freebsd.org/base/head/sbin/ipfw/ipfw2.c?view=log
> 
> You can try to apply some of latest patches from this commit log to your
> source code and then test.
> 
> -- 
> WBR, Andrey V. Elsukov
> 




-- 
Tel +41 21 67 17 111
mailto:cei@yourshop.com
https://YourShop.com
 

    "But Israel will be saved by the LORD with an everlasting salvation;
     you will never be put to shame or disgraced, to ages everlasting."
			-- Isaiah 45:17


https://www.youtube.com/DannyAyalon





