docs/178959: Incorrect column descriptions for `ipfw -a list` output in handbook

Kevin Zheng kevinz5000 at gmail.com
Fri May 24 23:10:00 UTC 2013 

>Number:         178959
>Category:       docs
>Synopsis:       Incorrect column descriptions for `ipfw -a list` output in handbook
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 24 23:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Kevin Zheng
>Release:        9.1-RELEASE-p3
>Organization:
>Environment:
FreeBSD sigma.local 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:11:52 UTC 2013     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
The FreeBSD Handbook incorrectly documents the columns that appear as output to the `ipfw show` command (also `ipfw -a list`).

http://www.freebsd.org/doc/handbook/firewalls-ipfw.html

>From the Handbook: ~~~~~~~~~~~~~~~~~~~~
The next example lists accounting information and the packet count for matched rules along with the rules themselves. The first column is the rule number, followed by the number of outgoing matched packets, followed by the number of incoming matched packets, followed by the rule itself.

# ipfw -a list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The first column is indeed the rule number. The second column, however, is simply the amount of packets matched (in and out). Furthermore, the third column is a byte counter, not a packet counter. The fourth column is indeed the rule itself.

You can verify this in "/usr/src/sbin/ipfw/ipfw2.c" when you search for the function "ipfw_list". This is what you'll find:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/* if showing stats, figure out column widths ahead of time */
bcwidth = pcwidth = 0;
if (show_counters) {
	for (n = 0, r = data; n < nstat; n++, r = NEXT(r)) {
		/* skip rules from another set */
		if (co.use_set && r->set != co.use_set - 1)
			continue;

		/* packet counter */
		width = pr_u64(&r->pcnt, 0);
		if (width > pcwidth)
			pcwidth = width;

		/* byte counter */
		width = pr_u64(&r->bcnt, 0);
		if (width > bcwidth)
			bcwidth = width;
	}
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>How-To-Repeat:
Read the IPFW section in the FreeBSD Handbook.
>Fix:
The IPFW page in the Handbook should be corrected to reflect the correct purposes of the columns in `ipfw show` output.

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-doc mailing list