ipfw -N show
Claudio Eichenberger
cei at yourshop.com
Tue Dec 11 13:01:48 UTC 2018
Hello Andrey,
I applied both patches:
sigma# diff -u ipfw2.c-000 ipfw2.c
--- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100
+++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100
@@ -1251,7 +1251,8 @@
(cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
32 : contigmask((uint8_t *)&(a[1]), 32);
if (mb == 32 && co.do_resolv)
- he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET);
+ he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
+ AF_INET);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
else if (mb == 0) /* any */
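Review bot: The length passed to gethostbyaddr() on the added lines is tied to a type name, `sizeof(in_addr_t)`, rather than to the object whose address is passed; `sizeof(a[0])` would stay correct if the element type changes, assuming `a` points at 32-bit address words as the `contigmask(..., 32)` call suggests (its declaration is outside the hunk). Separately, the name printed by `bprintf(bp, "%s", he->h_name)` comes from reverse DNS, which is controlled by whoever runs the PTR zone for that address, so a comment such as `/* PTR data is unauthenticated; the name is cosmetic, the rule matches on the address */` would help anyone auditing `-N` output. `he` is tested even when the lookup is skipped, so it has to be initialised to NULL before this point, which is not visible here.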
@@ -1492,6 +1493,7 @@
bprintf(bp, " %s", pe->p_name);
else
bprintf(bp, " %u", cmd->arg1);
+ state->proto = cmd->arg1;
break;
case O_MACADDR2:
print_mac(bp, insntod(cmd, mac));
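Review bot: The added `state->proto = cmd->arg1;` has no comment explaining why a print routine now records state, and when several O_PROTO instructions sit in one or-block each call overwrites the previous value, so only the last protocol printed is kept. If the later port-name lookup keys on `state->proto` (the comment in the last hunk says print_newports() uses it), the ports of a `{ tcp or udp }` style block would be resolved against the last protocol only. I would add `/* remembered for print_newports(); in an or-block the last O_PROTO wins */` above the assignment. The enclosing switch case starts outside the hunk.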
@@ -1963,10 +1965,10 @@
struct show_state *state)
{
ipfw_insn *cmd;
- int l, proto, ip4, ip6, tmp;
+ int l, proto, ip4, ip6;
/* Count all O_PROTO, O_IP4, O_IP6 instructions. */
- proto = tmp = ip4 = ip6 = 0;
+ proto = ip4 = ip6 = 0;
for (l = state->rule->act_ofs, cmd = state->rule->cmd;
l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) {
switch (cmd->opcode) {
@@ -2002,18 +2004,13 @@
if (cmd == NULL || (cmd->len & F_OR))
for (l = proto; l > 0; l--) {
cmd = print_opcode(bp, fo, state, O_PROTO);
- if (cmd != NULL && (cmd->len & F_OR) == 0)
+ if (cmd == NULL || (cmd->len & F_OR) == 0)
break;
- tmp = cmd->arg1;
}
/* Initialize proto, it is used by print_newports() */
- if (tmp != 0)
- state->proto = tmp;
- else if (ip6 != 0)
- state->proto = IPPROTO_IPV6;
- else
- state->proto = IPPROTO_IP;
state->flags |= HAVE_PROTO;
+ if (state->proto == 0 && ip6 != 0)
+ state->proto = IPPROTO_IPV6;
}
static int
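Review bot: The new fallback `if (state->proto == 0 && ip6 != 0)` assumes `state->proto` is 0 on entry whenever no O_PROTO instruction was printed, whereas the removed code assigned it on every path. If the show_state structure is reused across rules without being cleared (its initialisation is outside the hunk), a protocol left over from a previous rule would be kept and used for port-name lookup, giving a misleading rule listing. Either reset it at function entry with `state->proto = IPPROTO_IP;`, provided nothing earlier in the function has already set it, or document the precondition with `/* relies on state->proto == 0 unless print_opcode(O_PROTO) set it */`. The function starts before this hunk, so the reset point cannot be confirmed from here.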
unfortunately, ipfw -N show still doesn't print the protocols:
00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0
Claudio
On 2018-12-10 19:25:11, Andrey V. Elsukov wrote:
> On 10.12.2018 17:27, Claudio Eichenberger wrote:
> > Hello,
> >
> > ipfw -N show
> > FreeBSD 11.1 was like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
> > FreeBSD 11.2 is like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x 443 in recv bce0
> > Does a flag exist to make it report the old way?
> > Many thanks in advance for your answer
>
> Hi,
>
> I just committed two fixes that should solve your problem:
> https://svnweb.freebsd.org/base/head/sbin/ipfw/ipfw2.c?view=log
>
> You can try to apply some of latest patches from this commit log to your
> source code and then test.
>
> --
> WBR, Andrey V. Elsukov
>
--
Tel +41 21 67 17 111
mailto:cei at yourshop.com
https://YourShop.com
"But Israel will be saved by the LORD with an everlasting salvation;
you will never be put to shame or disgraced, to ages everlasting."
-- Isaiah 45:17
https://www.youtube.com/DannyAyalon