svn commit: r319795 - head/contrib/ipfilter/tools

Cy Schubert Cy.Schubert at komquats.com
Sat Jun 10 17:15:54 UTC 2017 

In message <201706101705.v5AH5Eep078148 at repo.freebsd.org>, Cy Schubert 
writes:
> Author: cy
> Date: Sat Jun 10 17:05:14 2017
> New Revision: 319795
> URL: https://svnweb.freebsd.org/changeset/base/319795
> 
> Log:
>   Disable the -O (output fields) option in poollist() (ippool -l) for
>   now. The option does not presently work. However, similar functions in
>   ipfstat (for state) and ipnat (for nat) do work and provide outputs that
>   can be easily parsed by shell scripts or subsequently loaded into CSV
>   files.  The intention here is to return to this option to make it work.
>   I suspect the problem is in printpoolfields.c.
> 
> Modified:
>   head/contrib/ipfilter/tools/ippool.c
> 
> Modified: head/contrib/ipfilter/tools/ippool.c
> =============================================================================
> =
> --- head/contrib/ipfilter/tools/ippool.c	Sat Jun 10 16:42:39 2017
> 	(r319794)
> +++ head/contrib/ipfilter/tools/ippool.c	Sat Jun 10 17:05:14 2017
> 	(r319795)
> @@ -79,7 +79,7 @@ usage(prog)
>  	fprintf(stderr, "\t-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <t
> ype>]\n");
>  	fprintf(stderr, "\t-f <file> [-dnuv]\n");
>  	fprintf(stderr, "\t-F [-dv] [-o <role>] [-t <type>]\n");
> -	fprintf(stderr, "\t-l [-dv] [-m <name>] [-t <type>] [-O <fields>]\n");
> +	fprintf(stderr, "\t-l [-dv] [-m <name>] [-t <type>]\n");
>  	fprintf(stderr, "\t-r [-dnv] [-m <name>] [-o <role>] [-t type] -i <ipad
> dr>[/netmask]\n");
>  	fprintf(stderr, "\t-R [-dnv] [-m <name>] [-o <role>] [-t <type>]\n");
>  	fprintf(stderr, "\t-s [-dtv] [-M <core>] [-N <namelist>]\n");
> @@ -687,9 +687,16 @@ poollist(argc, argv)
>  				return -1;
>  			}
>  			break;
> +#if 0
>  		case 'O' :
> +			/* XXX This option does not work. This function as  */
> +			/* XXX used by state and nat can be used to format  */
> +			/* XXX output especially useful for scripting. It   */
> +			/* XXX is left here with the intention of making    */
> +			/* XXX it work for the same purpose at some point.  */
>  			pool_fields = parsefields(poolfields, optarg);
>  			break;
> +#endif
>  		case 't' :
>  			type = gettype(optarg, NULL);
>  			if (type == IPLT_NONE) {
> 

There is other higher priority breakage in ippool that needs to be 
addressed first before going down this rabbit hole. Addressing this now 
would delay addressing other general parsing issues and the problem in 
radix_ipf whereby only the first 32 bits of an IP address are compared to 
determine if an IP address can be added to a table, meaning that even 
though IPv6 is generally supported by most of ippool handling in the 
kernel, it is not effectively supported by because of this. So, disabling 
of this option for now until larger issues in ippool userspace and kernel 
can be addressed first.


-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.

More information about the svn-src-all mailing list