From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 11 11:24:17 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D590716A4D0 for ; Fri, 11 Jun 2004 11:24:17 +0000 (GMT) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA20343D2D for ; Fri, 11 Jun 2004 11:24:16 +0000 (GMT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i5BBTq9H024978 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 11 Jun 2004 14:29:54 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i5BBNq3H001123; Fri, 11 Jun 2004 14:23:52 +0300 (EEST) (envelope-from ru) Date: Fri, 11 Jun 2004 14:23:51 +0300 From: Ruslan Ermilov To: Luigi Rizzo Message-ID: <20040611112351.GB434@ip.net.ua> References: <200406092010.i59KAcXH025699@repoman.freebsd.org> <20040610214059.GA3228@ip.net.ua> <200406110151.17372.max@love2party.net> <20040611072136.GB55472@ip.net.ua> <20040611021113.A73239@xorpc.icir.org> <20040611092900.GA434@ip.net.ua> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="H1spWtNR+x+ondvy" Content-Disposition: inline In-Reply-To: <20040611092900.GA434@ip.net.ua> User-Agent: Mutt/1.5.6i X-Virus-Scanned: by amavisd-new X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: ipfw@FreeBSD.org Subject: Re: wrong output syntax in ipfw(8) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Jun 2004 11:24:18 -0000 --H1spWtNR+x+ondvy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 11, 2004 at 12:29:00PM +0300, Ruslan Ermilov wrote: > Luigi, >=20 > While we're on the IPFW2 topic, I noticed one glitch when > printing IPFW2 rules: >=20 > OK: >=20 > # ipfw add 1 count ip from { 1 or 2 } to any > 00001 count ip from { 0.0.0.1 or 0.0.0.2 } to any >=20 > Wrong: >=20 > # ipfw add 1 count ip from any to { 1 or 2 } > 00001 count ip from any to { 0.0.0.1 or dst-ip 0.0.0.2 } >=20 > This happens because when we get to printing the 0.0.0.2, > all 3-tuple (proto, src-ip, and dst-ip) is already defined. > As such, HAVE_OPTIONS is set, so " dst-ip" is prepended. > Can you fix it, as I'm lost in debris of ipfw2.c? ;) >=20 > P.S. Yes, I'm well aware of the first paragraph of the > ipfw(8) manpage. ;) >=20 So far, I've come up with the following patch. It's odd and very hackish but seems to DTRT: %%% --- ipfw2.c~ Fri Jun 11 12:05:56 2004 +++ ipfw2.c Fri Jun 11 13:01:13 2004 @@ -860,7 +860,7 @@ print_icmptypes(ipfw_insn_u32 *cmd) static void show_prerequisites(int *flags, int want, int cmd) { - if ( (*flags & HAVE_IP) =3D=3D HAVE_IP) + if ( !cmd && (*flags & HAVE_IP) =3D=3D HAVE_IP) *flags |=3D HAVE_OPTIONS; =20 if ( (*flags & (HAVE_MAC|HAVE_MACTYPE|HAVE_OPTIONS)) =3D=3D HAVE_MAC && @@ -1096,15 +1096,21 @@ show_ipfw(struct ip_fw *rule, int pcwidt case O_IP_DST_MASK: case O_IP_DST_ME: case O_IP_DST_SET: + { + int saved_flags =3D flags; + show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0); if (!(flags & HAVE_DSTIP)) printf(" to"); if ((cmd->len & F_OR) && !or_block) printf(" {"); + if (or_block && !(saved_flags & HAVE_OPTIONS)) + flags &=3D ~HAVE_OPTIONS; print_ip((ipfw_insn_ip *)cmd, (flags & HAVE_OPTIONS) ? " dst-ip" : ""); flags |=3D HAVE_DSTIP; break; + } =20 case O_IP_DSTPORT: show_prerequisites(&flags, HAVE_IP, 0); %%% If someone has a better fix, please let me know. ;) Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --H1spWtNR+x+ondvy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAyZZHqRfpzJluFF4RArGjAJ0bbLQ41C3jMjdhlfHtQVYqaXh8+QCbBS9Y W2T7av7q6KhmO9Cmkjdg51o= =n29m -----END PGP SIGNATURE----- --H1spWtNR+x+ondvy--