From: "Andrey V. Elsukov"
To: Claudio Eichenberger
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Date: Tue, 11 Dec 2018 17:22:32 +0300
Message-ID: <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>

On 11.12.2018 16:01, Claudio Eichenberger wrote:
> Hello Andrey,
>
> I applied both patches:
>
>
> sigma# diff -u ipfw2.c-000 ipfw2.c
> --- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100 > +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100 > @@ -1251,7 +1251,8 @@ > (cmd->o.opcode =3D=3D O_IP_SRC || cmd->o.opcode =3D=3D O_IP_DST) = ? > 32 : contigmask((uint8_t *)&(a[1]), 32); > if (mb =3D=3D 32 && co.do_resolv) > - he =3D gethostbyaddr((char *)&(a[0]), sizeof(u_long), = AF_INET); > + he =3D gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t= ), > + AF_INET); > if (he !=3D NULL) /* resolved to name */ > bprintf(bp, "%s", he->h_name); > else if (mb =3D=3D 0) /* any */ > @@ -1492,6 +1493,7 @@ > bprintf(bp, " %s", pe->p_name); > else > bprintf(bp, " %u", cmd->arg1); > + state->proto =3D cmd->arg1; > break; > case O_MACADDR2: > print_mac(bp, insntod(cmd, mac)); > @@ -1963,10 +1965,10 @@ > struct show_state *state) > { > ipfw_insn *cmd; > - int l, proto, ip4, ip6, tmp; > + int l, proto, ip4, ip6; > =20 > /* Count all O_PROTO, O_IP4, O_IP6 instructions. */ > - proto =3D tmp =3D ip4 =3D ip6 =3D 0; > + proto =3D ip4 =3D ip6 =3D 0; > for (l =3D state->rule->act_ofs, cmd =3D state->rule->cmd; > l > 0; l -=3D F_LEN(cmd), cmd +=3D F_LEN(cmd)) { > switch (cmd->opcode) {
> @@ -2002,18 +2004,13 @@ > if (cmd =3D=3D NULL || (cmd->len & F_OR)) > for (l =3D proto; l > 0; l--) { > cmd =3D print_opcode(bp, fo, state, O_PROTO); > - if (cmd !=3D NULL && (cmd->len & F_OR) =3D=3D = 0) > + if (cmd =3D=3D NULL || (cmd->len & F_OR) =3D=3D= 0) > break; > - tmp =3D cmd->arg1; > } > /* Initialize proto, it is used by print_newports() */ > - if (tmp !=3D 0) > - state->proto =3D tmp; > - else if (ip6 !=3D 0) > - state->proto =3D IPPROTO_IPV6; > - else > - state->proto =3D IPPROTO_IP; > state->flags |=3D HAVE_PROTO; > + if (state->proto =3D=3D 0 && ip6 !=3D 0) > + state->proto =3D IPPROTO_IPV6; > } > =20 > static int
>
>
> unfortunately, ipfw -N show still doesn't print the protocols:
>
> 00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0
>

Did you reinstall the patched version of ipfw(8)?

# ipfw add count tcp from any to ya.ru 443 out xmit lagg0
00100 count tcp from any to 87.250.250.242 443 out xmit lagg0
# ipfw -N show 100
00100 0 0 count tcp from any to ya.ru https out xmit lagg0

--
WBR, Andrey V. Elsukov
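
Review bot: in the @@ -1251,7 +1251,8 @@ hunk, the length passed to gethostbyaddr() is still spelled as a type name, sizeof(in_addr_t), separately from the buffer &(a[0]) it describes, which is how sizeof(u_long) drifted out of step with the address in the first place. Deriving it from the object, for example sizeof(a[0]) if a[] holds the 32-bit address words, keeps the pointer and length tied together. The following if (he != NULL) test also depends on he being NULL whenever the mb == 32 && co.do_resolv branch is skipped; that initialization is outside the visible context and is worth confirming.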
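
Review bot: in the @@ -1492,6 +1493,7 @@ hunk, the new state->proto = cmd->arg1; makes the protocol print path write to state as a side effect, with no comment saying so. Since the @@ -2002 hunk calls print_opcode(bp, fo, state, O_PROTO) in a loop over an or-block, each printed protocol overwrites the previous one and print_newports() sees only the last. A one-line comment above the assignment stating that it records the protocol for print_newports(), and that the last one in an or-block wins, would make that intent explicit.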
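
Review bot: in the @@ -2002,18 +2004,13 @@ hunk, dropping the explicit else state->proto = IPPROTO_IP; means the default now depends on state->proto already being zero on entry, which these lines do not show. The new test state->proto == 0 also cannot tell "no O_PROTO was printed" from "an O_PROTO with arg1 0 was printed". Comparing against IPPROTO_IP instead of the literal 0 would read more clearly, and the comment "Initialize proto, it is used by print_newports()" now sits above state->flags |= HAVE_PROTO; rather than the assignment it describes, so it should move down to the if (state->proto == 0 && ip6 != 0) line.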