ipfw -N show

Claudio Eichenberger cei at yourshop.com
Tue Dec 11 16:55:50 UTC 2018


I didn't install anything. I applied the patches to the file /usr/src/sbin/ipfw/ipfw2.c, compiled the kernel, and booted.

On 2018-12-11 17:22:32, Andrey V. Elsukov wrote:
> On 11.12.2018 16:01, Claudio Eichenberger wrote:
> > Hello Andrey,
> > 
> > I applied both patches:
> > 
> > 
> > 	sigma# diff -u ipfw2.c-000 ipfw2.c
> > 	--- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100
> > 	+++ ipfw2.c     2018-12-11 13:04:25.132233000 +0100
> > 	@@ -1251,7 +1251,8 @@
> > 		    (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
> > 			32 : contigmask((uint8_t *)&(a[1]), 32);
> > 		if (mb == 32 && co.do_resolv)
> > 	-               he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET);
> > 	+               he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
> > 	+                   AF_INET);
> > 		if (he != NULL)         /* resolved to name */
> > 			bprintf(bp, "%s", he->h_name);
> > 		else if (mb == 0)       /* any */
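Review bot: The string printed by `bprintf(bp, "%s", he->h_name)` comes from an unauthenticated reverse lookup, so under `-N` the host name shown for a rule address is whatever the owner of that reverse zone publishes and may not match the address's forward record. The `"%s"` format keeps the name from being interpreted as a format string, but the name should still be treated as display-only; a comment at the `gethostbyaddr()` call would make that explicit, e.g. `/* PTR answer is untrusted: for display only */`. It would also help to record why the length is `sizeof(in_addr_t)`, e.g. `/* AF_INET wants the 4-byte address length */`. The enclosing function starts and ends outside the hunk, so whether `he` is NULL when the lookup is skipped cannot be checked from here.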
> > 	@@ -1492,6 +1493,7 @@
> > 				bprintf(bp, " %s", pe->p_name);
> > 			else
> > 				bprintf(bp, " %u", cmd->arg1);
> > 	+               state->proto = cmd->arg1;
> > 			break;
> > 		case O_MACADDR2:
> > 			print_mac(bp, insntod(cmd, mac));
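Review bot: The added `state->proto = cmd->arg1;` runs each time this case prints a protocol, so when several protocols are printed in an or-block (the `F_OR` loop in the last hunk) the value left in `state->proto` is that of the last one printed. The comment in the last hunk says print_newports() uses this field, so port names for such a rule would presumably be resolved against that last protocol only. A one-line comment would document the behaviour: `/* remembered for print_newports(); the last protocol printed wins */`. The enclosing switch and function start outside the hunk.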
> > 	@@ -1963,10 +1965,10 @@
> > 	     struct show_state *state)
> > 	 {
> > 		ipfw_insn *cmd;
> > 	-       int l, proto, ip4, ip6, tmp;
> > 	+       int l, proto, ip4, ip6;
> > 	 
> > 		/* Count all O_PROTO, O_IP4, O_IP6 instructions. */
> > 	-       proto = tmp = ip4 = ip6 = 0;
> > 	+       proto = ip4 = ip6 = 0;
> > 		for (l = state->rule->act_ofs, cmd = state->rule->cmd;
> > 		    l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) {
> > 			switch (cmd->opcode) {
> > 	@@ -2002,18 +2004,13 @@
> > 		if (cmd == NULL || (cmd->len & F_OR))
> > 			for (l = proto; l > 0; l--) {
> > 				cmd = print_opcode(bp, fo, state, O_PROTO);
> > 	-                       if (cmd != NULL && (cmd->len & F_OR) == 0)
> > 	+                       if (cmd == NULL || (cmd->len & F_OR) == 0)
> > 					break;
> > 	-                       tmp = cmd->arg1;
> > 			}
> > 		/* Initialize proto, it is used by print_newports() */
> > 	-       if (tmp != 0)
> > 	-               state->proto = tmp;
> > 	-       else if (ip6 != 0)
> > 	-               state->proto = IPPROTO_IPV6;
> > 	-       else
> > 	-               state->proto = IPPROTO_IP;
> > 		state->flags |= HAVE_PROTO;
> > 	+       if (state->proto == 0 && ip6 != 0)
> > 	+               state->proto = IPPROTO_IPV6;
> > 	 }
> > 	 
> > 	 static int
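Review bot: With the `else state->proto = IPPROTO_IP;` branch removed, the new `if (state->proto == 0 && ip6 != 0)` test depends on `state->proto` being zero when this function is entered, and that initialisation is not visible in the hunk. If the `show_state` were ever reused for a second rule without being cleared, the previous rule's protocol would carry over and the IPv6 default would be skipped. Unless an earlier caller sets the field on purpose, an explicit `state->proto = 0;` next to `proto = ip4 = ip6 = 0;` would remove the dependency. Otherwise the existing comment could state it: `/* state->proto is zeroed by the caller and set when a protocol is printed */`.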
> > 
> > 
> > unfortunately,	  ipfw -N show	 still doesn't print the protocols:
> > 
> > 	00800	0     0 allow tcp from any to x.x.x.x 443 in recv bce0
> > 
> Did you reinstall the patched version of ipfw(8)?
> 
> # ipfw add count tcp from any to ya.ru 443 out xmit lagg0
> 00100 count tcp from any to 87.250.250.242 443 out xmit lagg0
> # ipfw -N show 100
> 00100     0       0 count tcp from any to ya.ru https out xmit lagg0
> 
> 
> -- 
> WBR, Andrey V. Elsukov
> 




-- 
Tel +41 21 67 17 111
mailto:cei at yourshop.com
https://YourShop.com
 

    "But Israel will be saved by the LORD with an everlasting salvation;
     you will never be put to shame or disgraced, to ages everlasting."
    			-- Isaiah 45:17


https://www.youtube.com/DannyAyalon




