wrong output syntax in ipfw(8)

Ruslan Ermilov ru at FreeBSD.org
Fri Jun 11 11:24:18 GMT 2004 

On Fri, Jun 11, 2004 at 12:29:00PM +0300, Ruslan Ermilov wrote:
> Luigi,
> 
> While we're on the IPFW2 topic, I noticed one glitch when
> printing IPFW2 rules:
> 
> OK:
> 
> # ipfw add 1 count ip from { 1 or 2 } to any
> 00001 count ip from { 0.0.0.1 or 0.0.0.2 } to any
> 
> Wrong:
> 
> # ipfw add 1 count ip from any to { 1 or 2 }
> 00001 count ip from any to { 0.0.0.1 or dst-ip 0.0.0.2 }
> 
> This happens because when we get to printing the 0.0.0.2,
> all 3-tuple (proto, src-ip, and dst-ip) is already defined.
> As such, HAVE_OPTIONS is set, so " dst-ip" is prepended.
> Can you fix it, as I'm lost in debris of ipfw2.c?  ;)
> 
> P.S.  Yes, I'm well aware of the first paragraph of the
> ipfw(8) manpage.  ;)
> 
So far, I've come up with the following patch.  It's odd and
very hackish but seems to DTRT:

%%%
--- ipfw2.c~	Fri Jun 11 12:05:56 2004
+++ ipfw2.c	Fri Jun 11 13:01:13 2004
@@ -860,7 +860,7 @@ print_icmptypes(ipfw_insn_u32 *cmd)
 static void
 show_prerequisites(int *flags, int want, int cmd)
 {
-	if ( (*flags & HAVE_IP) == HAVE_IP)
+	if ( !cmd && (*flags & HAVE_IP) == HAVE_IP)
 		*flags |= HAVE_OPTIONS;
 
 	if ( (*flags & (HAVE_MAC|HAVE_MACTYPE|HAVE_OPTIONS)) == HAVE_MAC &&
@@ -1096,15 +1096,21 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 		case O_IP_DST_MASK:
 		case O_IP_DST_ME:
 		case O_IP_DST_SET:
+		    {
+			int saved_flags = flags;
+
 			show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0);
 			if (!(flags & HAVE_DSTIP))
 				printf(" to");
 			if ((cmd->len & F_OR) && !or_block)
 				printf(" {");
+			if (or_block && !(saved_flags & HAVE_OPTIONS))
+				flags &= ~HAVE_OPTIONS;
 			print_ip((ipfw_insn_ip *)cmd,
 				(flags & HAVE_OPTIONS) ? " dst-ip" : "");
 			flags |= HAVE_DSTIP;
 			break;
+		    }
 
 		case O_IP_DSTPORT:
 			show_prerequisites(&flags, HAVE_IP, 0);
%%%

If someone has a better fix, please let me know.  ;)


Cheers,
-- 
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20040611/8c321642/attachment.bin

More information about the freebsd-ipfw mailing list