Date: Tue, 11 Dec 2018 14:01:45 +0100
From: Claudio Eichenberger
To: "Andrey V. Elsukov"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show

Hello Andrey,

I applied both patches:

sigma# diff -u ipfw2.c-000 ipfw2.c --- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100 +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100 @@ -1251,7 +1251,8 @@ (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? 32 : contigmask((uint8_t *)&(a[1]), 32); if (mb == 32 && co.do_resolv) - he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET); + he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t), + AF_INET); if (he != NULL) /* resolved to name */ bprintf(bp, "%s", he->h_name); else if (mb == 0) /* any */ 
@@ -1492,6 +1493,7 @@ bprintf(bp, " %s", pe->p_name); else bprintf(bp, " %u", cmd->arg1); + state->proto = cmd->arg1; break; case O_MACADDR2: print_mac(bp, insntod(cmd, mac)); @@ -1963,10 +1965,10 @@ struct show_state *state) { ipfw_insn *cmd; - int l, proto, ip4, ip6, tmp; + int l, proto, ip4, ip6; /* Count all O_PROTO, O_IP4, O_IP6 instructions. */ - proto = tmp = ip4 = ip6 = 0; + proto = ip4 = ip6 = 0; for (l = state->rule->act_ofs, cmd = state->rule->cmd; l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { switch (cmd->opcode) { 
@@ -2002,18 +2004,13 @@ if (cmd == NULL || (cmd->len & F_OR)) for (l = proto; l > 0; l--) { cmd = print_opcode(bp, fo, state, O_PROTO); - if (cmd != NULL && (cmd->len & F_OR) == 0) + if (cmd == NULL || (cmd->len & F_OR) == 0) break; - tmp = cmd->arg1; } /* Initialize proto, it is used by print_newports() */ - if (tmp != 0) - state->proto = tmp; - else if (ip6 != 0) - state->proto = IPPROTO_IPV6; - else - state->proto = IPPROTO_IP; state->flags |= HAVE_PROTO; + if (state->proto == 0 && ip6 != 0) + state->proto = IPPROTO_IPV6; } static int 

Unfortunately, ipfw -N show still doesn't print the protocols:

00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0

Claudio

On 2018-12-10 19:25:11, Andrey V. Elsukov wrote:
> On 10.12.2018 17:27, Claudio Eichenberger wrote:
> > Hello,
> >
> > ipfw -N show
> > FreeBSD 11.1 was like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
> > FreeBSD 11.2 is like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x 443 in recv bce0
> > Does a flag exist to make it report the old way?
> > Many thanks in advance for your answer
>
> Hi,
>
> I just committed two fixes that should solve your problem:
> https://svnweb.freebsd.org/base/head/sbin/ipfw/ipfw2.c?view=log
>
> You can try to apply some of the latest patches from this commit log to your
> source code and then test.
>
> --
> WBR, Andrey V. Elsukov
>

--
Tel +41 21 67 17 111
mailto:cei@yourshop.com
https://YourShop.com

"But Israel will be saved by the LORD with an everlasting salvation; you will never be put to shame or disgraced, to ages everlasting." -- Isaiah 45:17
https://www.youtube.com/DannyAyalon
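
Review bot: in the hunk at @@ -1251,7 +1251,8 @@, the length passed to gethostbyaddr() is still written independently of the buffer it describes, `(char *)&(a[0])`. `sizeof(in_addr_t)` is the correct size for AF_INET, but deriving it from the object itself (`sizeof(a[0])`, provided a[0] is the 32-bit address word) would stop the two from drifting apart again, as happened with `sizeof(u_long)`, which is 8 bytes on LP64 platforms.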
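
Review bot: in the hunk at @@ -1492,6 +1493,7 @@, `state->proto = cmd->arg1;` runs for every O_PROTO opcode that gets printed, so for a rule with several protocols in an or-block state->proto ends up holding only the last one. The comment in the @@ -2002 hunk says the value is used by print_newports(), so port names would be resolved against that last protocol alone; either handle the multi-protocol case explicitly or add a comment on the assignment saying that last-one-wins is intended.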
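
Review bot: in the hunk at @@ -2002,18 +2004,13 @@, the new fallback `if (state->proto == 0 && ip6 != 0)` is only correct if state->proto is zero when this function is entered, because the unconditional assignment (including the `state->proto = IPPROTO_IP` default) has been removed. Nothing in the visible lines resets it, so either clear state->proto before the O_PROTO loop or document that show_state is zeroed for each rule; otherwise a value left over from an earlier rule would be carried into print_newports().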