Date:      Tue, 11 Dec 2018 17:22:32 +0300
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        Claudio Eichenberger <cei@yourshop.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw -N show
Message-ID:  <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>
In-Reply-To: <20181211130145.GC4820@yourshop.com>
References:  <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--YJrhiUc4tmIOH28VwYfoXg5Gkv4WGCKzk
Content-Type: multipart/mixed; boundary="nBwHhdq0zvbfx9v2r0UV4SodlyHmrItJA";
 protected-headers="v1"
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: Claudio Eichenberger <cei@yourshop.com>
Cc: freebsd-ipfw@freebsd.org
Message-ID: <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>
Subject: Re: ipfw -N show
References: <20181210142701.GA12120@yourshop.com>
 <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru>
 <20181211130145.GC4820@yourshop.com>
In-Reply-To: <20181211130145.GC4820@yourshop.com>

--nBwHhdq0zvbfx9v2r0UV4SodlyHmrItJA
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 11.12.2018 16:01, Claudio Eichenberger wrote:
> Hello Andrey,
>=20
> I applied both patches:
>=20
>=20
> 	sigma# diff -u ipfw2.c-000 ipfw2.c
> 	--- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100
> 	+++ ipfw2.c     2018-12-11 13:04:25.132233000 +0100
> 	@@ -1251,7 +1251,8 @@
> 		    (cmd->o.opcode =3D=3D O_IP_SRC || cmd->o.opcode =3D=3D O_IP_DST) =
?
> 			32 : contigmask((uint8_t *)&(a[1]), 32);
> 		if (mb =3D=3D 32 && co.do_resolv)
> 	-               he =3D gethostbyaddr((char *)&(a[0]), sizeof(u_long), =
AF_INET);
> 	+               he =3D gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t=
),
> 	+                   AF_INET);
> 		if (he !=3D NULL)         /* resolved to name */
> 			bprintf(bp, "%s", he->h_name);
> 		else if (mb =3D=3D 0)       /* any */
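Review bot: The length passed to gethostbyaddr() on the added line is still spelled as a type name rather than taken from the object being passed, which is how the old `sizeof(u_long)` came to disagree with a 32-bit address on LP64 platforms. Assuming `a` points at 32-bit words (its declaration is outside the hunk, though the `contigmask(..., 32)` call suggests so), `he = gethostbyaddr(&a[0], sizeof(a[0]), AF_INET);` keeps the two in step and drops the `(char *)` cast. The name printed under `co.do_resolv` comes from reverse DNS, so it is whatever the owner of the PTR record publishes and says nothing about what the rule matches. A short comment would help anyone auditing rules from `-N` output: `/* display only: the rule matches the address, not this PTR name */`.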
> 	@@ -1492,6 +1493,7 @@
> 				bprintf(bp, " %s", pe->p_name);
> 			else
> 				bprintf(bp, " %u", cmd->arg1);
> 	+               state->proto =3D cmd->arg1;
> 			break;
> 		case O_MACADDR2:
> 			print_mac(bp, insntod(cmd, mac));
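Review bot: The added `state->proto = cmd->arg1;` makes a print routine update state that later output depends on, and nothing on the line says so. When several O_PROTO opcodes are printed for one rule (the caller's loop in the last hunk walks F_OR chains), each assignment overwrites the previous one, so the last protocol printed is the one that sticks. I would put `/* remembered for print_newports(); in an or-block the last protocol wins */` above the assignment. The enclosing case and function start outside the hunk, so whether a negated O_PROTO should be stored at all cannot be judged from here.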
> 	@@ -1963,10 +1965,10 @@
> 	     struct show_state *state)
> 	 {
> 		ipfw_insn *cmd;
> 	-       int l, proto, ip4, ip6, tmp;
> 	+       int l, proto, ip4, ip6;
> 	=20
> 		/* Count all O_PROTO, O_IP4, O_IP6 instructions. */
> 	-       proto =3D tmp =3D ip4 =3D ip6 =3D 0;
> 	+       proto =3D ip4 =3D ip6 =3D 0;
> 		for (l =3D state->rule->act_ofs, cmd =3D state->rule->cmd;
> 		    l > 0; l -=3D F_LEN(cmd), cmd +=3D F_LEN(cmd)) {
> 			switch (cmd->opcode) {
> 	@@ -2002,18 +2004,13 @@
> 		if (cmd =3D=3D NULL || (cmd->len & F_OR))
> 			for (l =3D proto; l > 0; l--) {
> 				cmd =3D print_opcode(bp, fo, state, O_PROTO);
> 	-                       if (cmd !=3D NULL && (cmd->len & F_OR) =3D=3D =
0)
> 	+                       if (cmd =3D=3D NULL || (cmd->len & F_OR) =3D=3D=
 0)
> 					break;
> 	-                       tmp =3D cmd->arg1;
> 			}
> 		/* Initialize proto, it is used by print_newports() */
> 	-       if (tmp !=3D 0)
> 	-               state->proto =3D tmp;
> 	-       else if (ip6 !=3D 0)
> 	-               state->proto =3D IPPROTO_IPV6;
> 	-       else
> 	-               state->proto =3D IPPROTO_IP;
> 		state->flags |=3D HAVE_PROTO;
> 	+       if (state->proto =3D=3D 0 && ip6 !=3D 0)
> 	+               state->proto =3D IPPROTO_IPV6;
> 	 }
> 	=20
> 	 static int
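Review bot: With the `else state->proto = IPPROTO_IP;` branch removed, the tail of this function only produces a sensible default if `state->proto` is already 0 on entry, and the hunk does not show where the show_state is reset between rules. If the struct were ever reused without clearing, a protocol stored while printing one rule would carry into the next and print_newports() would resolve port names against the wrong protocol. The surviving comment "Initialize proto, it is used by print_newports()" now sits above the `state->flags |= HAVE_PROTO;` line instead of the code it describes. I would move it down to the `if` and state the precondition: `/* state->proto was set by print_opcode(O_PROTO) if a protocol was printed; it must be 0 otherwise */`. The function begins outside this hunk.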
>=20
>=20
> unfortunately,	  ipfw -N show	 still doesn't print the protocols:
>=20
> 	00800	0     0 allow tcp from any to x.x.x.x 443 in recv bce0
>=20
Did you reinstall the patched version of ipfw(8)?

# ipfw add count tcp from any to ya.ru 443 out xmit lagg0
00100 count tcp from any to 87.250.250.242 443 out xmit lagg0
# ipfw -N show 100
00100     0       0 count tcp from any to ya.ru https out xmit lagg0


--=20
WBR, Andrey V. Elsukov


--nBwHhdq0zvbfx9v2r0UV4SodlyHmrItJA--

--YJrhiUc4tmIOH28VwYfoXg5Gkv4WGCKzk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlwPyCgACgkQAcXqBBDI
oXpg8Qf/clXQEa/M5Ly/GKyCYnbYJjFg273bqhjajOsGdP37dyPhciFx7E7u/7lE
MmgvH/UdBucLwtbzYkZXIfpYlQz6y/oZ2z2nvOhplGpYBCcM7kukXyHmq88PVkjN
R6MYLiLjVDop6uk2CY6JH7cXiUVtBB6k5A7/g0zFeGiSmC2r1lQGk0vHXGm/MaQc
hf04ikXqS+Ec22+iwDopqQ6ntUd3b+WIYk+5HWtAmHLNaBM+5oSQ+35/ENpBzvKq
6D2qT8bWgZwqkzMdFzkzEqUY1pjD/rpSlVOFanx4N1/CMVuz0j3HNzEAWQeilfnu
QTYuNZDxv+1cIs2JI4yGiZxjP5JZBw==
=P9pE
-----END PGP SIGNATURE-----

--YJrhiUc4tmIOH28VwYfoXg5Gkv4WGCKzk--


