svn commit: r205179 - head/sbin/ipfw

Luigi Rizzo luigi at FreeBSD.org
Mon Mar 15 18:20:52 UTC 2010 

Author: luigi
Date: Mon Mar 15 18:20:51 2010
New Revision: 205179
URL: http://svn.freebsd.org/changeset/base/205179

Log:
  print correctly commands of the form
  
  	ipfw add 100 allow ip from { 1.2.3.4 or 5.6.7.8 }
  
  (note that the above example could be better written as
  
  	ipfw add 100 allow dst-ip 1.2.3.4,5.6.7.8
  
  Submitted by:	Riccardo Panicucci

Modified:
  head/sbin/ipfw/ipfw2.c

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c	Mon Mar 15 18:09:21 2010	(r205178)
+++ head/sbin/ipfw/ipfw2.c	Mon Mar 15 18:20:51 2010	(r205179)
@@ -921,9 +921,9 @@ print_icmptypes(ipfw_insn_u32 *cmd)
 #define	HAVE_DSTIP	0x0004
 #define	HAVE_PROTO4	0x0008
 #define	HAVE_PROTO6	0x0010
+#define	HAVE_IP		0x0100
 #define	HAVE_OPTIONS	0x8000
 
-#define	HAVE_IP		(HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP)
 static void
 show_prerequisites(int *flags, int want, int cmd __unused)
 {
@@ -1024,7 +1024,9 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 		switch(cmd->opcode) {
 		case O_CHECK_STATE:
 			printf("check-state");
-			flags = HAVE_IP; /* avoid printing anything else */
+			/* avoid printing anything else */
+			flags = HAVE_PROTO | HAVE_SRCIP |
+				HAVE_DSTIP | HAVE_IP;
 			break;
 
 		case O_ACCEPT:
@@ -1164,7 +1166,8 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 			show_prerequisites(&flags, HAVE_PROTO, 0);
 			printf(" from any to any");
 		}
-		flags |= HAVE_IP | HAVE_OPTIONS;
+		flags |= HAVE_IP | HAVE_OPTIONS | HAVE_PROTO |
+			 HAVE_SRCIP | HAVE_DSTIP;
 	}
 
 	if (co.comment_only)
@@ -1253,9 +1256,12 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 		break;
 
 		case O_IP_DSTPORT:
-			show_prerequisites(&flags, HAVE_IP, 0);
+			show_prerequisites(&flags,
+				HAVE_PROTO | HAVE_SRCIP |
+				HAVE_DSTIP | HAVE_IP, 0);
 		case O_IP_SRCPORT:
-			show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0);
+			show_prerequisites(&flags,
+				HAVE_PROTO | HAVE_SRCIP, 0);
 			if ((cmd->len & F_OR) && !or_block)
 				printf(" {");
 			if (cmd->len & F_NOT)
@@ -1276,7 +1282,8 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 			if ((flags & (HAVE_PROTO4 | HAVE_PROTO6)) &&
 			    !(flags & HAVE_PROTO))
 				show_prerequisites(&flags,
-				    HAVE_IP | HAVE_OPTIONS, 0);
+				    HAVE_PROTO | HAVE_IP | HAVE_SRCIP |
+				    HAVE_DSTIP | HAVE_OPTIONS, 0);
 			if (flags & HAVE_OPTIONS)
 				printf(" proto");
 			if (pe)
@@ -1294,7 +1301,8 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 				    ((cmd->opcode == O_IP4) &&
 				    (flags & HAVE_PROTO4)))
 					break;
-			show_prerequisites(&flags, HAVE_IP | HAVE_OPTIONS, 0);
+			show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP |
+				    HAVE_DSTIP | HAVE_IP | HAVE_OPTIONS, 0);
 			if ((cmd->len & F_OR) && !or_block)
 				printf(" {");
 			if (cmd->len & F_NOT && cmd->opcode != O_IN)
@@ -1548,7 +1556,8 @@ show_ipfw(struct ip_fw *rule, int pcwidt
 			or_block = 0;
 		}
 	}
-	show_prerequisites(&flags, HAVE_IP, 0);
+	show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP
+				              | HAVE_IP, 0);
 	if (comment)
 		printf(" // %s", comment);
 	printf("\n");

More information about the svn-src-head mailing list