A bunch of minor fixes:

* accept "icmptype" as an alias for "icmptypes"; * remove an extra whitespace after "log" rules; * print correctly the "limit" masks; * correct a typo in parsing dummynet arguments (this caused a coredump); * do not allow specifying both "check-state" and "limit", they are (and have always been) mutually exclusive; * remove an extra print of the rule before installing it; * make stdout buffered -- otherwise, if you log its output with syslog, you will see one entry for each printf(). Rather unpleasant.
svn path=/head/; revision=99909
2024-11-28 08:02:54 +00:00 · 2002-07-13 15:57:23 +00:00 · 2002-07-13 15:57:23 +00:00 · 0a7197a83c · 2020-12-20 02:59:44 +00:00
commit 0a7197a83c
parent 4ca65ba0d2
1 changed files with 11 additions and 8 deletions
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@ -315,6 +315,7 @@ struct _s_x rule_options[] = {
 	{ "tcpseq",		TOK_TCPSEQ },
 	{ "tcpack",		TOK_TCPACK },
 	{ "tcpwin",		TOK_TCPWIN },
+	{ "icmptype",		TOK_ICMPTYPES },
 	{ "icmptypes",		TOK_ICMPTYPES },

 	{ "not",		TOK_NOT },		/* pseudo option */
@ -850,9 +851,9 @@ show_ipfw(struct ip_fw *rule)
 	}
 	if (logptr) {
 		if (logptr->max_log > 0)
-			printf(" log logamount %d ", logptr->max_log);
+			printf(" log logamount %d", logptr->max_log);
 		else
-			printf(" log ");
+			printf(" log");
 	}
 	/*
 	 * then print the body
@ -1066,7 +1067,7 @@ show_ipfw(struct ip_fw *rule)

 				printf(" limit");
 				for ( ; p->x != 0 ; p++) 
-					if (x & p->x) {
+					if ((x & p->x) == p->x) {
 						x &= ~p->x;
 						printf("%s%s", comma, p->s);
 						comma = ",";
@ -1841,7 +1842,7 @@ config_pipe(int ac, char **av)
 				    a = strtoul(av[0]+1, &end, 0);
 				    a = (a == 32) ? ~0 : (1 << a) - 1;
 			    } else 
-				    a = strtoul(av[1], &end, 0);
+				    a = strtoul(av[0], &end, 0);
 			    if (p32 != NULL)
 				    *p32 = a;
 			    else if (p16 != NULL) {
@ -2695,12 +2696,18 @@ add(int ac, char *av[])
 			break;

 		case TOK_KEEPSTATE:
+			if (have_state)
+				errx(EX_USAGE, "only one of check-state "
+					"and limit is allowed");
 			have_state = 1;
 			fill_cmd(cmd, O_KEEP_STATE, 0, 0);
 			break;

 		case TOK_LIMIT:
 			NEED1("limit needs mask and # of connections");
+			if (have_state)
+				errx(EX_USAGE, "only one of check-state "
+					"and limit is allowed");
 		    {
 			ipfw_insn_limit *c = (ipfw_insn_limit *)cmd;

@ -2790,8 +2797,6 @@ add(int ac, char *av[])

 	rule->cmd_len = (u_int32_t *)dst - (u_int32_t *)(rule->cmd);
 	i = (void *)dst - (void *)rule;
-	if (!do_quiet)
-		show_ipfw(rule);
 	if (getsockopt(s, IPPROTO_IP, IP_FW_ADD, rule, &i) == -1)
 		err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_ADD");
 	if (!do_quiet)
@ -3148,8 +3153,6 @@ main(int ac, char *av[])
 	if (s < 0)
 		err(EX_UNAVAILABLE, "socket");

-	setbuf(stdout, 0);
-
 	/*
 	 * If the last argument is an absolute pathname, interpret it
 	 * as a file to be preprocessed.