svn commit: r340529 - in stable/12: sbin/ipfw sys/netinet

Andrey V. Elsukov ae at FreeBSD.org
Sat Nov 17 23:57:48 UTC 2018 

Author: ae
Date: Sat Nov 17 23:57:46 2018
New Revision: 340529
URL: https://svnweb.freebsd.org/changeset/base/340529

Log:
  MFC r339539:
    Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,
    that was added using "new rule format". And then, when the kernel
    returns rule with this flag, ipfw(8) can correctly show it.
  
    Reported by:	lev
    Sponsored by:	Yandex LLC
    Differential Revision:	https://reviews.freebsd.org/D17373

Modified:
  stable/12/sbin/ipfw/ipfw2.c
  stable/12/sys/netinet/ip_fw.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/12/sbin/ipfw/ipfw2.c	Sat Nov 17 23:56:25 2018	(r340528)
+++ stable/12/sbin/ipfw/ipfw2.c	Sat Nov 17 23:57:46 2018	(r340529)
@@ -2207,6 +2207,12 @@ show_static_rule(struct cmdline_opts *co, struct forma
 	 */
 	if (co->comment_only != 0)
 		goto end;
+
+	if (rule->flags & IPFW_RULE_JUSTOPTS) {
+		state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP;
+		goto justopts;
+	}
+
 	print_proto(bp, fo, &state);
 
 	/* Print source */
@@ -2219,6 +2225,7 @@ show_static_rule(struct cmdline_opts *co, struct forma
 	print_address(bp, fo, &state, dst_opcodes, nitems(dst_opcodes),
 	    O_IP_DSTPORT, HAVE_DSTIP);
 
+justopts:
 	/* Print the rest of options */
 	while (print_opcode(bp, fo, &state, -1))
 		;
@@ -4340,8 +4347,10 @@ chkarg:
 		}
 	} else if (first_cmd != cmd) {
 		errx(EX_DATAERR, "invalid protocol ``%s''", *av);
-	} else
+	} else {
+		rule->flags |= IPFW_RULE_JUSTOPTS;
 		goto read_options;
+	}
     OR_BLOCK(get_proto);
 
 	/*

Modified: stable/12/sys/netinet/ip_fw.h
==============================================================================
--- stable/12/sys/netinet/ip_fw.h	Sat Nov 17 23:56:25 2018	(r340528)
+++ stable/12/sys/netinet/ip_fw.h	Sat Nov 17 23:57:46 2018	(r340529)
@@ -615,6 +615,7 @@ struct ip_fw_rule {
 	ipfw_insn	cmd[1];		/* storage for commands		*/
 };
 #define	IPFW_RULE_NOOPT		0x01	/* Has no options in body	*/
+#define	IPFW_RULE_JUSTOPTS	0x02	/* new format of rule body	*/
 
 /* Unaligned version */

More information about the svn-src-all mailing list