From turutani@polymer3.scphys.kyoto-u.ac.jp  Fri Aug 10 06:52:44 2007
Message-Id: <200708100652.l7A6qXTw028989@polymer3.scphys.kyoto-u.ac.jp>
Date: Fri, 10 Aug 2007 15:52:33 +0900 (JST)
From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Reply-To: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: "ipfw show" prints ill result.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         115372
>Category:       bin
>Synopsis:       [ipfw] [patch] "ipfw show" prints ill result.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 10 07:00:07 GMT 2007
>Closed-Date:    Sun Oct 14 08:58:35 UTC 2007
>Last-Modified:  Sun Oct 14 08:58:35 UTC 2007
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD polymer3.scphys.kyoto-u.ac.jp 6.2-STABLE FreeBSD 6.2-STABLE #10: Thu Aug 9 09:51:27 JST 2007 turutani@polymer3.scphys.kyoto-u.ac.jp:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	running "ipfw show" prints ill result when a rule like
		${fwcmd} add 1 allow layer2 not mac-type ip
	is set.
	output is
		00001  0  0 allow ip from any to any layer2 not not mac-type 0x0800
	Two "not" present.
	
>How-To-Repeat:
	add the above rule in /etc/rc.firewall, run it, and then run "ipfw show".
	rules containing "mac-type" cause this.
	
>Fix:
	This is introduced by rev.1.76.2.19 of src/sbin/ipfw/ipfw2.c.
	The older version does not produce this problem, as I checked.
	The structure of the switch statement in show_ipfw() was changed
	at this revision, and "O_MACADDR2" was moved into a deeper switch condition
	of the default condition of the more global switch().
	The first "not" is printed by the "default" section, and the 2nd
	by print_newports().
	I do not know how to fix correctly.
	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: remko 
Responsible-Changed-When: Fri Aug 10 07:21:13 UTC 2007 
Responsible-Changed-Why:  
Reassign to ipfw team. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115372 

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: bug-followup@FreeBSD.org, turutani@scphys.kyoto-u.ac.jp
Cc: Maxim Konovalov <maxim@FreeBSD.org>,
        Oleg Bulyzhin <oleg@FreeBSD.org>
Subject: Re: bin/115372: [ipfw]: "ipfw show" prints ill result.
Date: Fri, 10 Aug 2007 11:50:02 +0400

 Hi,
 
 this bug was not introduced by the mentioned commit.
 You can see this bug also with the following rules:
 # ipfw add allow ip from any to any not ipid 1,2,3,4,5
 # ipfw add allow ip from any to any not ipttl 1,2,3,4,5
 # ipfw add allow ip from any to any not iplen 1,2,3,4,5
 and "not tcpdatalen 1,2,3,4", "not tagged 1,2,3,4".
 
 Can you try this patch?
 
 -- 
 WBR, Andrey V. Elsukov
 
 --- src/sbin/ipfw/ipfw2.c.orig	2007-06-18 21:52:37.000000000 +0400
 +++ src/sbin/ipfw/ipfw2.c	2007-08-09 20:54:21.749670029 +0400
 @@ -668,8 +668,6 @@
  	int i;
  	char const *sep;
  
 -	if (cmd->o.len & F_NOT)
 -		printf(" not");
  	if (opcode != 0) {
  		sep = match_value(_port_name, opcode);
  		if (sep == NULL)
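Review bot: with the F_NOT check dropped from the top of print_newports(), the function now depends on every caller to print the negation, and this patch shows only one call site gaining that check. Confirm that each remaining caller already emits " not" before the call (the PR attributes the first " not" to the default branch of show_ipfw()), and add a comment above the function stating that the caller handles F_NOT, since a listing that omits the negation would show the opposite of the rule that is actually loaded.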
 @@ -1755,6 +1753,8 @@
  			show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0);
  			if ((cmd->len & F_OR) && !or_block)
  				printf(" {");
 +			if (cmd->len & F_NOT)
 +				printf(" not");
  			print_newports((ipfw_insn_u16 *)cmd, proto,
  				(flags & HAVE_OPTIONS) ? cmd->opcode : 0);
  			break;
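Review bot: the new F_NOT check sits after the " {" output, so a negated port list inside an or-block prints as " { not ...", which looks intended but is not exercised by anything in the patch. A regression listing that covers a negated port list inside and outside an or-block, together with the mac-type, ipid, ipttl, iplen, tcpdatalen and tagged rules from this PR, would confirm exactly one " not" per negated match. The switch from cmd->o.len to cmd->len is fine given the (ipfw_insn_u16 *)cmd cast on the following line.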
 

From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To: bug-followup@FreeBSD.org, "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: Maxim Konovalov <maxim@FreeBSD.org>, Oleg Bulyzhin <oleg@FreeBSD.org>
Subject: Re: bin/115372: [ipfw]: "ipfw show" prints ill result.
Date: Fri, 10 Aug 2007 18:30:58 +0900

 Hello,
 
 "Andrey V. Elsukov" <bu7cher@yandex.ru> wrote:
 
 > this bug was not introduced by the mentioned commit.
 > You can see this bug also with the following rules:
 > # ipfw add allow ip from any to any not ipid 1,2,3,4,5
 > # ipfw add allow ip from any to any not ipttl 1,2,3,4,5
 > # ipfw add allow ip from any to any not iplen 1,2,3,4,5
 > and "not tcpdatalen 1,2,3,4", "not tagged 1,2,3,4".
 
 That's right.
 I tried some of the above, and the previous version can produce
 duplicated "not".
 On my FreeBSD 6-STABLE host, the patch should be modified (only about line numbers),
 as follows:
 @@ -632,8 +632,6 @@
         int i;
         char const *sep;
 
 -       if (cmd->o.len & F_NOT)
 -               printf(" not");
         if (opcode != 0) {
                 sep = match_value(_port_name, opcode);
                 if (sep == NULL)
 @@ -1715,6 +1713,8 @@
                         show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0);
                         if ((cmd->len & F_OR) && !or_block)
                                 printf(" {");
 +                       if (cmd->len & F_NOT)
 +                               printf(" not");
                         print_newports((ipfw_insn_u16 *)cmd, proto,
                                 (flags & HAVE_OPTIONS) ? cmd->opcode : 0);
                         break;
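Review bot: both hunks in this rebased copy are indented with spaces where the attached diff uses tabs, and the ---/+++ file header is missing, so patch(1) will reject the removed lines against a tab-indented ipfw2.c unless whitespace is ignored (-l). Regenerating the diff with diff -u from the 6-STABLE tree, or applying the original attachment and letting patch(1) resolve the line offset, avoids that.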
 
 However, I do not know whether it is perfect or insufficient.
 Please fix as you think good.
 Thank you for your follow-up and patch.
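
A reduced model of the double negation discussed in this thread, added here as an illustration and not taken from ipfw2.c: `struct insn`, `list_printer`, `render` and `nots` are hypothetical stand-ins for the instruction, print_newports() and the show_ipfw() dispatch, and only F_NOT and the "not mac-type 0x0800" sample come from the PR. It shows why moving the check to the call site leaves exactly one "not" on both the options path and the port-list path.

```c
#include <stdio.h>
#include <string.h>

#define F_NOT 0x80  /* negation bit carried in the instruction's len field */

/* Constructed stand-in for an ipfw instruction; not the real ipfw_insn layout. */
struct insn { unsigned char len; const char *keyword; const char *values; };

/* Model of print_newports(): self_not=1 is the pre-patch behaviour, where the
 * printer emits the negation itself. */
static void list_printer(char *out, size_t n, const struct insn *c, int self_not)
{
	const char *neg = (self_not && (c->len & F_NOT)) ? " not" : "";
	snprintf(out, n, "%s %s %s", neg, c->keyword, c->values);
}

/* Model of the show_ipfw() dispatch. in_default=1 is the options path, where
 * the shared default branch prints the negation; in_default=0 is the
 * port-list path, which prints it only once the patch is applied. */
static void render(char *out, size_t n, const struct insn *c, int in_default, int patched)
{
	int here = (c->len & F_NOT) && (in_default || patched);
	size_t used = (size_t)snprintf(out, n, "%s", here ? " not" : "");
	list_printer(out + used, n - used, c, !patched);
}

/* Render a rule fragment and count its " not" tokens; a negated match must
 * yield exactly one, or the listing no longer reflects the loaded rule. */
static int nots(const struct insn *c, int in_default, int patched)
{
	char buf[128];
	int k = 0;
	render(buf, sizeof buf, c, in_default, patched);
	for (const char *p = buf; (p = strstr(p, " not")) != NULL; p += 4)
		k++;
	return k;
}

int main(void)
{
	struct insn mac = { F_NOT | 3, "mac-type", "0x0800" };  /* constructed sample */
	char buf[128];
	render(buf, sizeof buf, &mac, 1, 0);
	printf("pre-patch:%s (%d x not)\n", buf, nots(&mac, 1, 0));
	render(buf, sizeof buf, &mac, 1, 1);
	printf("patched:  %s (%d x not)\n", buf, nots(&mac, 1, 1));
	return 0;
}
```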
Responsible-Changed-From-To: freebsd-ipfw->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Mon Aug 27 05:37:02 UTC 2007 
Responsible-Changed-Why:  
Grab. 

State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Sun Sep 23 16:29:42 UTC 2007 
State-Changed-Why:  
Fixed in HEAD.  Thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/115372: commit references a PR
Date: Sun, 23 Sep 2007 16:29:30 +0000 (UTC)

 maxim       2007-09-23 16:29:22 UTC
 
   FreeBSD src repository
 
   Modified files:
     sbin/ipfw            ipfw2.c 
   Log:
   o Cosmetic: fix the issue when "ipfw(8) show" produces "not" twice:
   
   $ ipfw -n add 1 allow layer2 not mac-type ip
   00001 allow ip from any to any layer2 not not mac-type 0x0800
   
   PR:             bin/115372
   Submitted by:   Andrey V. Elsukov
   Approved by:    re (hrs)
   MFC after:      3 weeks
   
   Revision  Changes    Path
   1.108     +2 -2      src/sbin/ipfw/ipfw2.c
 

From: Maxim Konovalov <maxim@macomnet.ru>
To: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Cc: bug-followup@FreeBSD.ORG, "Andrey V. Elsukov" <bu7cher@yandex.ru>,
        Oleg Bulyzhin <oleg@FreeBSD.ORG>
Subject: Re: bin/115372: [ipfw]: "ipfw show" prints ill result.
Date: Sun, 23 Sep 2007 20:36:08 +0400 (MSD)

 Committed to HEAD.  Thank you all.
 
 -- 
 Maxim Konovalov
State-Changed-From-To: patched->closed 
State-Changed-By: maxim 
State-Changed-When: Sun Oct 14 08:58:16 UTC 2007 
State-Changed-Why:  
Merged to RELENG_6. 

>Unformatted:
