Hello!
I've noticed some changes in ipfw, as follows:
RELEASE-5.4:
# ipfw pipe 1 config bw 64Kbit/s
# ipfw pipe 2 config bw 512Kbit/s
# ipfw pipe 3 config bw 512Kbit/s mask dst-ip 0xfffffffc
# ipfw pipe show
00001: 64.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 512.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00003: 512.000 Kbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0xfffffffc/0x0000
RELEASE-6.1
# ipfw pipe 1 config bw 64Kbit/s
# ipfw pipe 2 config bw 512Kbit/s
# ipfw pipe 3 config bw 512Kbit/s mask dst-ip 0xfffffffc
# ipfw pipe show
00001: 64.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
00002: 512.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
00003: 512.000 Kbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail
In RELEASE-6.1, the line containing mask options is not shown.
IMHO, it should be displayed because it's part of pipe attributes.
I went to check the differences in the source code and it seems that
adding IPv6 to ipfw2.c made the 'mask' line appears only when there is a
flow to that pipe.
I made some changes trying to revert to the previous behaviour, but as I
am not keen to this kind of programming, I'd like to someone more
experienced to take a look at it.
It seems to work, but currently I can't check whether IPv6 masks are
shown correctly.
I need the 'old' behaviour because some shell scripts stopped working
when we upgraded our server.
Thank you,
Tobias.
--- ipfw2.c.orig Fri Jul 28 09:52:04 2006
+++ ipfw2.c Fri Jul 28 12:05:29 2006
@@ -2004,9 +2004,32 @@
{
int l;
int index_printed, indexes = 0;
- char buff[255];
+ int ipv6_masks = 0;
+ char buff[255], buff2[255];
struct protoent *pe;
+ inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
+ buff, sizeof(buff));
+ inet_ntop(AF_INET6, &(fs->flow_mask.dst_ip6),
+ buff2, sizeof(buff2));
+
+ if (fs->flow_mask.flow_id6 != 0 || strlen(buff) > 2 || strlen(buff2) >
2)
+ ipv6_masks = 1;
+
+ if (!ipv6_masks) {
+ printf(" "
+ "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
+ fs->flow_mask.proto,
+ fs->flow_mask.src_ip, fs->flow_mask.src_port,
+ fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
+ } else {
+ printf(" "
+ "mask: proto: 0x%02x, flow_id: 0x%08x, %s/0x%04x ->
%s/0x%04x\n",
+ fs->flow_mask.proto, fs->flow_mask.flow_id6,
+ buff, fs->flow_mask.src_port,
+ buff2, fs->flow_mask.dst_port);
+ }
+
if (fs->rq_elements == 0)
return;
@@ -2027,11 +2050,6 @@
if (indexes > 0) /* currently a no-op */
printf("\n");
indexes++;
- printf(" "
- "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
- fs->flow_mask.proto,
- fs->flow_mask.src_ip, fs->flow_mask.src_port,
- fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
printf("BKT Prot ___Source IP/port____ "
"____Dest. IP/port____ "
@@ -2069,14 +2087,6 @@
if (indexes > 0)
printf("\n");
indexes++;
- printf("\n mask: proto: 0x%02x, flow_id: 0x%08x,
",
- fs->flow_mask.proto, fs->flow_mask.flow_id6);
- inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
- buff, sizeof(buff));
- printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
- inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
- buff, sizeof(buff) );
- printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
printf("BKT ___Prot___ _flow-id_ "
"______________Source IPv6/port_______________ "
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
