summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorluigi <luigi@FreeBSD.org>2010-03-15 18:20:51 +0000
committerluigi <luigi@FreeBSD.org>2010-03-15 18:20:51 +0000
commitb958ac2aee0c02d048840ba1a096b9d1a8e4a2d2 (patch)
tree69c012db56511bb135a92c11fc1ac88e39fd7888
parent3ada53d651797fa9ab1a3df69b6d4176151ec68c (diff)
downloadFreeBSD-src-b958ac2aee0c02d048840ba1a096b9d1a8e4a2d2.zip
FreeBSD-src-b958ac2aee0c02d048840ba1a096b9d1a8e4a2d2.tar.gz
print correctly commands of the form
ipfw add 100 allow ip from { 1.2.3.4 or 5.6.7.8 } (note that the above example could be better written as ipfw add 100 allow dst-ip 1.2.3.4,5.6.7.8 Submitted by: Riccardo Panicucci
-rw-r--r--sbin/ipfw/ipfw2.c25
1 files changed, 17 insertions, 8 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 7940e54..1ab827f 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -921,9 +921,9 @@ print_icmptypes(ipfw_insn_u32 *cmd)
#define HAVE_DSTIP 0x0004
#define HAVE_PROTO4 0x0008
#define HAVE_PROTO6 0x0010
+#define HAVE_IP 0x0100
#define HAVE_OPTIONS 0x8000
-#define HAVE_IP (HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP)
static void
show_prerequisites(int *flags, int want, int cmd __unused)
{
@@ -1024,7 +1024,9 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
switch(cmd->opcode) {
case O_CHECK_STATE:
printf("check-state");
- flags = HAVE_IP; /* avoid printing anything else */
+ /* avoid printing anything else */
+ flags = HAVE_PROTO | HAVE_SRCIP |
+ HAVE_DSTIP | HAVE_IP;
break;
case O_ACCEPT:
@@ -1164,7 +1166,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
show_prerequisites(&flags, HAVE_PROTO, 0);
printf(" from any to any");
}
- flags |= HAVE_IP | HAVE_OPTIONS;
+ flags |= HAVE_IP | HAVE_OPTIONS | HAVE_PROTO |
+ HAVE_SRCIP | HAVE_DSTIP;
}
if (co.comment_only)
@@ -1253,9 +1256,12 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
break;
case O_IP_DSTPORT:
- show_prerequisites(&flags, HAVE_IP, 0);
+ show_prerequisites(&flags,
+ HAVE_PROTO | HAVE_SRCIP |
+ HAVE_DSTIP | HAVE_IP, 0);
case O_IP_SRCPORT:
- show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0);
+ show_prerequisites(&flags,
+ HAVE_PROTO | HAVE_SRCIP, 0);
if ((cmd->len & F_OR) && !or_block)
printf(" {");
if (cmd->len & F_NOT)
@@ -1276,7 +1282,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
if ((flags & (HAVE_PROTO4 | HAVE_PROTO6)) &&
!(flags & HAVE_PROTO))
show_prerequisites(&flags,
- HAVE_IP | HAVE_OPTIONS, 0);
+ HAVE_PROTO | HAVE_IP | HAVE_SRCIP |
+ HAVE_DSTIP | HAVE_OPTIONS, 0);
if (flags & HAVE_OPTIONS)
printf(" proto");
if (pe)
@@ -1294,7 +1301,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
((cmd->opcode == O_IP4) &&
(flags & HAVE_PROTO4)))
break;
- show_prerequisites(&flags, HAVE_IP | HAVE_OPTIONS, 0);
+ show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP |
+ HAVE_DSTIP | HAVE_IP | HAVE_OPTIONS, 0);
if ((cmd->len & F_OR) && !or_block)
printf(" {");
if (cmd->len & F_NOT && cmd->opcode != O_IN)
@@ -1548,7 +1556,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
or_block = 0;
}
}
- show_prerequisites(&flags, HAVE_IP, 0);
+ show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP
+ | HAVE_IP, 0);
if (comment)
printf(" // %s", comment);
printf("\n");
OpenPOWER on IntegriCloud