svn commit: r340539 - in stable/11: sbin/ipfw sys/netinet

Andrey V. Elsukov ae at FreeBSD.org
Sun Nov 18 00:28:58 UTC 2018 

Author: ae
Date: Sun Nov 18 00:28:56 2018
New Revision: 340539
URL: https://svnweb.freebsd.org/changeset/base/340539

Log:
  MFC r339539:
    Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,
    that was added using "new rule format". And then, when the kernel
    returns rule with this flag, ipfw(8) can correctly show it.
  
    Reported by:	lev
    Sponsored by:	Yandex LLC
    Differential Revision:	https://reviews.freebsd.org/D17373

Modified:
  stable/11/sbin/ipfw/ipfw2.c
  stable/11/sys/netinet/ip_fw.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/11/sbin/ipfw/ipfw2.c	Sun Nov 18 00:27:47 2018	(r340538)
+++ stable/11/sbin/ipfw/ipfw2.c	Sun Nov 18 00:28:56 2018	(r340539)
@@ -2207,6 +2207,12 @@ show_static_rule(struct cmdline_opts *co, struct forma
 	 */
 	if (co->comment_only != 0)
 		goto end;
+
+	if (rule->flags & IPFW_RULE_JUSTOPTS) {
+		state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP;
+		goto justopts;
+	}
+
 	print_proto(bp, fo, &state);
 
 	/* Print source */
@@ -2219,6 +2225,7 @@ show_static_rule(struct cmdline_opts *co, struct forma
 	print_address(bp, fo, &state, dst_opcodes, nitems(dst_opcodes),
 	    O_IP_DSTPORT, HAVE_DSTIP);
 
+justopts:
 	/* Print the rest of options */
 	while (print_opcode(bp, fo, &state, -1))
 		;
@@ -4340,8 +4347,10 @@ chkarg:
 		}
 	} else if (first_cmd != cmd) {
 		errx(EX_DATAERR, "invalid protocol ``%s''", *av);
-	} else
+	} else {
+		rule->flags |= IPFW_RULE_JUSTOPTS;
 		goto read_options;
+	}
     OR_BLOCK(get_proto);
 
 	/*

Modified: stable/11/sys/netinet/ip_fw.h
==============================================================================
--- stable/11/sys/netinet/ip_fw.h	Sun Nov 18 00:27:47 2018	(r340538)
+++ stable/11/sys/netinet/ip_fw.h	Sun Nov 18 00:28:56 2018	(r340539)
@@ -613,6 +613,7 @@ struct ip_fw_rule {
 	ipfw_insn	cmd[1];		/* storage for commands		*/
 };
 #define	IPFW_RULE_NOOPT		0x01	/* Has no options in body	*/
+#define	IPFW_RULE_JUSTOPTS	0x02	/* new format of rule body	*/
 
 /* Unaligned version */

More information about the svn-src-stable mailing list