From b767a9b53063d46c8e80da6d40713ec1e36fa3bd Mon Sep 17 00:00:00 2001 From: ae Date: Sun, 18 Nov 2018 00:28:56 +0000 Subject: [PATCH] MFC r339539: Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule, that was added using "new rule format". And then, when the kernel returns rule with this flag, ipfw(8) can correctly show it. Reported by: lev Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D17373 --- sbin/ipfw/ipfw2.c | 11 ++++++++++- sys/netinet/ip_fw.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 2784c0e4cd3..6ba1e3abb8c 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -2207,6 +2207,12 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo, */ if (co->comment_only != 0) goto end; + + if (rule->flags & IPFW_RULE_JUSTOPTS) { + state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP; + goto justopts; + } + print_proto(bp, fo, &state); /* Print source */ @@ -2219,6 +2225,7 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo, print_address(bp, fo, &state, dst_opcodes, nitems(dst_opcodes), O_IP_DSTPORT, HAVE_DSTIP); +justopts: /* Print the rest of options */ while (print_opcode(bp, fo, &state, -1)) ; @@ -4340,8 +4347,10 @@ compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate) } } else if (first_cmd != cmd) { errx(EX_DATAERR, "invalid protocol ``%s''", *av); - } else + } else { + rule->flags |= IPFW_RULE_JUSTOPTS; goto read_options; + } OR_BLOCK(get_proto); /* diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index b26a192f2aa..06bc1d38db1 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -613,6 +613,7 @@ struct ip_fw_rule { ipfw_insn cmd[1]; /* storage for commands */ }; #define IPFW_RULE_NOOPT 0x01 /* Has no options in body */ +#define IPFW_RULE_JUSTOPTS 0x02 /* new format of rule body */ /* Unaligned version */ -- 2.45.0