ipfw -N show
Andrey V. Elsukov
bu7cher at yandex.ru
Tue Dec 11 14:25:01 UTC 2018
On 11.12.2018 16:01, Claudio Eichenberger wrote:
> Hello Andrey,
>
> I applied both patches:
>
>
> sigma# diff -u ipfw2.c-000 ipfw2.c
> --- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100
> +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100
> @@ -1251,7 +1251,8 @@
> (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
> 32 : contigmask((uint8_t *)&(a[1]), 32);
> if (mb == 32 && co.do_resolv)
> - he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET);
> + he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
> + AF_INET);
> if (he != NULL) /* resolved to name */
> bprintf(bp, "%s", he->h_name);
> else if (mb == 0) /* any */
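Review bot: The corrected length in the `gethostbyaddr()` call carries no comment saying why it must be `sizeof(in_addr_t)`, and the old `sizeof(u_long)` looks harmless to anyone used to 32-bit targets. A one-line comment above the call would guard against a regression, for example `/* AF_INET addresses are 4 bytes; u_long is 8 on LP64 */`. It is also worth recording, there or in the man page, that `he->h_name` comes from reverse DNS, which is controlled by whoever runs the reverse zone for that address. The names shown by `-N` are therefore a display aid and not a verified identity for the rule's address. The enclosing function starts and ends outside this hunk.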
> @@ -1492,6 +1493,7 @@
> bprintf(bp, " %s", pe->p_name);
> else
> bprintf(bp, " %u", cmd->arg1);
> + state->proto = cmd->arg1;
> break;
> case O_MACADDR2:
> print_mac(bp, insntod(cmd, mac));
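Review bot: The added `state->proto = cmd->arg1;` is a state change inside what is otherwise a printing branch, and nothing at the assignment says who consumes it. Since the assignment is unconditional, each protocol instruction printed overwrites the previous value, so for a rule with several protocols in an or-block the last one printed presumably decides how later port numbers are turned into service names. I would add a comment on that line such as `/* remember the last printed protocol; print_newports() uses it for service-name lookup */`. The switch and its enclosing function begin and end outside the hunk, so the case label itself is not visible here.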
> @@ -1963,10 +1965,10 @@
> struct show_state *state)
> {
> ipfw_insn *cmd;
> - int l, proto, ip4, ip6, tmp;
> + int l, proto, ip4, ip6;
>
> /* Count all O_PROTO, O_IP4, O_IP6 instructions. */
> - proto = tmp = ip4 = ip6 = 0;
> + proto = ip4 = ip6 = 0;
> for (l = state->rule->act_ofs, cmd = state->rule->cmd;
> l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) {
> switch (cmd->opcode) {
> @@ -2002,18 +2004,13 @@
> if (cmd == NULL || (cmd->len & F_OR))
> for (l = proto; l > 0; l--) {
> cmd = print_opcode(bp, fo, state, O_PROTO);
> - if (cmd != NULL && (cmd->len & F_OR) == 0)
> + if (cmd == NULL || (cmd->len & F_OR) == 0)
> break;
> - tmp = cmd->arg1;
> }
> /* Initialize proto, it is used by print_newports() */
> - if (tmp != 0)
> - state->proto = tmp;
> - else if (ip6 != 0)
> - state->proto = IPPROTO_IPV6;
> - else
> - state->proto = IPPROTO_IP;
> state->flags |= HAVE_PROTO;
> + if (state->proto == 0 && ip6 != 0)
> + state->proto = IPPROTO_IPV6;
> }
>
> static int
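Review bot: The comment `/* Initialize proto, it is used by print_newports() */` now sits directly above `state->flags |= HAVE_PROTO;`, while the only assignment left is the `IPPROTO_IPV6` fallback two lines further down, so the comment no longer describes the line it precedes. The new code also stops assigning `state->proto` on the default path and relies on it already being 0 (`IPPROTO_IP`) on entry. If the `show_state` is ever reused for a second rule without being cleared (not visible in this hunk), the previous rule's protocol would carry over into the port-name lookup. I would move the comment down to the `if` and reword it, for example `/* proto was set while printing O_PROTO; fall back to IPv6 for ip6-only rules, otherwise it stays 0 (IPPROTO_IP) */`, and confirm that the caller zeroes the state for each rule. The function starts outside the hunk.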
>
>
> unfortunately, ipfw -N show still doesn't print the protocols:
>
> 00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0
>
Did you reinstall the patched version of ipfw(8)?
# ipfw add count tcp from any to ya.ru 443 out xmit lagg0
00100 count tcp from any to 87.250.250.242 443 out xmit lagg0
# ipfw -N show 100
00100 0 0 count tcp from any to ya.ru https out xmit lagg0
--
WBR, Andrey V. Elsukov