From bu7cher@yandex.ru  Sun Apr 29 16:09:33 2007
Return-Path: <bu7cher@yandex.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 8E14B16A400
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 29 Apr 2007 16:09:33 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from properlan.net (properlan.net [82.211.139.89])
	by mx1.freebsd.org (Postfix) with ESMTP id 66D1513C448
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 29 Apr 2007 16:09:32 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from btr-nb.properlan.net ([10.0.12.48])
	by properlan.net with esmtp (Exim 4.50)
	id 1HiBkH-0000r2-Dm
	for FreeBSD-gnats-submit@freebsd.org; Sun, 29 Apr 2007 19:55:29 +0400
Received: by btr-nb.properlan.net (Postfix, from userid 1001)
	id 861E017011; Sun, 29 Apr 2007 19:55:29 +0400 (MSD)
Message-Id: <20070429155529.861E017011@btr-nb.properlan.net>
Date: Sun, 29 Apr 2007 19:55:29 +0400 (MSD)
From: Andrey V. Elsukov <bu7cher@yandex.ru>
Reply-To: Andrey V. Elsukov <bu7cher@yandex.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch][ipfw] Incorrect output of rule with the MAC option
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         112244
>Category:       bin
>Synopsis:       [ipfw] [patch] Incorrect output of rule with the MAC option
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 29 16:10:01 GMT 2007
>Closed-Date:    Sun Jun 10 14:00:15 GMT 2007
>Last-Modified:  Sun Jun 10 14:00:15 GMT 2007
>Originator:     Andrey V. Elsukov
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD btr-nb.properlan.net 7.0-CURRENT FreeBSD 7.0-CURRENT #11: Sat Apr 21 18:17:26 MSD 2007 root@btr-nb.properlan.net:/usr/obj/usr/src/sys/BTR i386

>Description:
        The ipfw(8) show incorrect rule in some cases when used the MAC option.
        An example:
        > sudo ipfw add 100 count icmp from any to any MAC any any
        00100 count icmp MAC any any any

        "count icmp MAC any any any" is not the same that "count icmp from any to any MAC any any"
>How-To-Repeat:
        > sudo ipfw add 100 count icmp from any to any MAC any any
        00100 count icmp MAC any any any
>Fix:

	

--- ipfw2.c.diff begins here ---
--- src/sbin/ipfw/ipfw2.c	Sun Jan  7 06:02:02 2007
+++ src/sbin/ipfw/ipfw2.c	Mon Apr 16 22:07:01 2007
@@ -1400,10 +1400,8 @@
 #define	HAVE_PROTO	0x0001
 #define	HAVE_SRCIP	0x0002
 #define	HAVE_DSTIP	0x0004
-#define	HAVE_MAC	0x0008
-#define	HAVE_MACTYPE	0x0010
-#define	HAVE_PROTO4	0x0040
-#define	HAVE_PROTO6	0x0080
+#define	HAVE_PROTO4	0x0008
+#define	HAVE_PROTO6	0x0010
 #define	HAVE_OPTIONS	0x8000
 
 #define	HAVE_IP		(HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP)
@@ -1415,16 +1413,6 @@
 	if ( (*flags & HAVE_IP) == HAVE_IP)
 		*flags |= HAVE_OPTIONS;
 
-	if ( (*flags & (HAVE_MAC|HAVE_MACTYPE|HAVE_OPTIONS)) == HAVE_MAC &&
-	     cmd != O_MAC_TYPE) {
-		/*
-		 * mac-type was optimized out by the compiler,
-		 * restore it
-		 */
-		printf(" any");
-		*flags |= HAVE_MACTYPE | HAVE_OPTIONS;
-		return;
-	}
 	if ( !(*flags & HAVE_OPTIONS)) {
 		if ( !(*flags & HAVE_PROTO) && (want & HAVE_PROTO))
 			if ( (*flags & HAVE_PROTO4))
@@ -1680,28 +1668,6 @@
 		case O_PROBE_STATE:
 			break; /* no need to print anything here */
 
-		case O_MACADDR2: {
-			ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
-
-			if ((cmd->len & F_OR) && !or_block)
-				printf(" {");
-			if (cmd->len & F_NOT)
-				printf(" not");
-			printf(" MAC");
-			flags |= HAVE_MAC;
-			print_mac(m->addr, m->mask);
-			print_mac(m->addr + 6, m->mask + 6);
-			}
-			break;
-
-		case O_MAC_TYPE:
-			if ((cmd->len & F_OR) && !or_block)
-				printf(" {");
-			print_newports((ipfw_insn_u16 *)cmd, IPPROTO_ETHERTYPE,
-				(flags & HAVE_OPTIONS) ? cmd->opcode : 0);
-			flags |= HAVE_MAC | HAVE_MACTYPE | HAVE_OPTIONS;
-			break;
-
 		case O_IP_SRC:
 		case O_IP_SRC_LOOKUP:
 		case O_IP_SRC_MASK:
@@ -1809,6 +1775,21 @@
 			if (cmd->len & F_NOT && cmd->opcode != O_IN)
 				printf(" not");
 			switch(cmd->opcode) {
+			case O_MACADDR2: {
+				ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+
+				printf(" MAC");
+				print_mac(m->addr, m->mask);
+				print_mac(m->addr + 6, m->mask + 6);
+				}
+				break;
+
+			case O_MAC_TYPE:
+				print_newports((ipfw_insn_u16 *)cmd,
+						IPPROTO_ETHERTYPE, cmd->opcode);
+				break;
+
+
 			case O_FRAG:
 				printf(" frag");
 				break;
--- ipfw2.c.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Apr 29 19:01:52 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=112244 
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Mon Apr 30 17:39:55 UTC 2007 
State-Changed-Why:  
Fixed in HEAD.  Thanks for the patch! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=112244 
Responsible-Changed-From-To: freebsd-ipfw->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Mon Apr 30 17:43:43 UTC 2007 
Responsible-Changed-Why:  
MFC reminder and feedbacks trap. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=112244 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/112244: commit references a PR
Date: Mon, 30 Apr 2007 17:39:38 +0000 (UTC)

 maxim       2007-04-30 17:39:30 UTC
 
   FreeBSD src repository
 
   Modified files:
     sbin/ipfw            ipfw2.c 
   Log:
   o Make ipfw(8) show rules with mac/mac-type options correctly.
   
   Before:
   
   $ ipfw -n add 100 count icmp from any to any mac-type 0x01
   00100 count icmp 0x0001
   $ ipfw -n add 100 count icmp from any to any mac any any
   00100 count icmp MAC any any any
   
   After:
   
   $ ipfw -n add 100 count icmp from any to any mac-type 0x01
   00100 count icmp from any to any mac-type 0x0001
   $ ipfw -n add 100 count icmp from any to any mac any any
   00100 count icmp from any to any MAC any any
   
   PR:             bin/112244
   Submitted by:   Andrey V. Elsukov
   MFC after:      1 month
   
   Revision  Changes    Path
   1.103     +17 -36    src/sbin/ipfw/ipfw2.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: maxim 
State-Changed-When: Sun Jun 10 13:59:54 UTC 2007 
State-Changed-Why:  
Merged to RELENG_6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=112244 
>Unformatted:
