Bump up packet and byte counters to 64-bit unsigned ints. As a

consequence, ipfw's list command now adjusts its output at runtime
based on the largest packet/byte counter values.

NOTE:
  o The ipfw struct has changed requiring a recompile of both kernel
    and userland ipfw utility.

  o This probably should not be brought into 2.2.

PR:		3738

sbin/ipfw/ipfw.c

@@ -16,7 +16,7 @@
  *
  * NEW command line interface for IP firewall facility
  *
- * $Id: ipfw.c,v 1.51 1998/01/07 02:23:04 alex Exp $
+ * $Id: ipfw.c,v 1.52 1998/01/08 00:27:31 alex Exp $
  *
  */
 
@@ -164,7 +164,7 @@ print_reject_code(int code)
 }
 
 static void
-show_ipfw(struct ip_fw *chain)
+show_ipfw(struct ip_fw *chain, int pcwidth, int bcwidth)
 {
 	char *comma;
 	u_long adrt;
@@ -180,7 +180,7 @@ show_ipfw(struct ip_fw *chain)
 	printf("%05u ", chain->fw_number);
 
 	if (do_acct) 
-		printf("%10lu %10lu ",chain->fw_pcnt,chain->fw_bcnt);
+		printf("%*qu %*qu ",pcwidth,chain->fw_pcnt,bcwidth,chain->fw_bcnt);
 
 	if (do_time)
 	{
@@ -269,7 +269,7 @@ show_ipfw(struct ip_fw *chain)
 	if (chain->fw_prot == IPPROTO_TCP || chain->fw_prot == IPPROTO_UDP) {
 		comma = " ";
 		for (i = 0; i < nsp; i++) {
-			print_port(chain->fw_prot, chain->fw_pts[i], comma);
+			print_port(chain->fw_prot, chain->fw_uar.fw_pts[i], comma);
 			if (i==0 && (chain->fw_flg & IP_FW_F_SRNG))
 				comma = "-";
 			else
@@ -309,7 +309,7 @@ show_ipfw(struct ip_fw *chain)
 	if (chain->fw_prot == IPPROTO_TCP || chain->fw_prot == IPPROTO_UDP) {
 		comma = " ";
 		for (i = 0; i < ndp; i++) {
-			print_port(chain->fw_prot, chain->fw_pts[nsp+i], comma);
+			print_port(chain->fw_prot, chain->fw_uar.fw_pts[nsp+i], comma);
 			if (i==0 && (chain->fw_flg & IP_FW_F_DRNG))
 				comma = "-";
 			else
@@ -388,7 +388,7 @@ show_ipfw(struct ip_fw *chain)
 		printf(" icmptype");
 
 		for (type_index = 0; type_index < IP_FW_ICMPTYPES_DIM * sizeof(unsigned) * 8; ++type_index)
-			if (chain->fw_icmptypes[type_index / (sizeof(unsigned) * 8)] & 
+			if (chain->fw_uar.fw_icmptypes[type_index / (sizeof(unsigned) * 8)] & 
 				(1U << (type_index % (sizeof(unsigned) * 8)))) {
 				printf("%c%d", first == 1 ? ' ' : ',', type_index);
 				first = 0;
@@ -406,9 +406,10 @@ list(ac, av)
 {
 	struct ip_fw *r;
 	struct ip_fw rules[1024];
-	int l,i;
+	int l,i,bytes;
 	unsigned long rulenum;
-	int bytes;
+	int pcwidth = 0;
+	int bcwidth = 0;
 
 	/* extract rules from kernel */
 	memset(rules,0,sizeof rules);
@@ -416,11 +417,28 @@ list(ac, av)
 	i = getsockopt(s, IPPROTO_IP, IP_FW_GET, rules, &bytes);
 	if (i < 0)
 		err(2,"getsockopt(IP_FW_GET)");
+	if (do_acct)
+		/* find the maximum packet/byte counter widths */
+		for (r=rules, l = bytes; l >= sizeof rules[0]; 
+			 r++, l-=sizeof rules[0]) {
+			char temp[32];
+			int width;
+
+			/* packet counter */
+			width = sprintf(temp, "%qu", r->fw_pcnt);
+			if (width > pcwidth)
+				pcwidth = width;
+
+			/* byte counter */
+			width = sprintf(temp, "%qu", r->fw_bcnt);
+			if (width > bcwidth)
+				bcwidth = width;
+		}
 	if (!ac) {
 		/* display all rules */
 		for (r = rules, l = bytes; l >= sizeof rules[0]; 
 			 r++, l-=sizeof rules[0])
-			show_ipfw(r);
+			show_ipfw(r, pcwidth, bcwidth);
 	}
 	else {
 		/* display specific rules requested on command line */
@@ -442,7 +460,7 @@ list(ac, av)
 				 l >= sizeof rules[0] && r->fw_number <= rulenum;
 				 r++, l-=sizeof rules[0])
 				if (rulenum == r->fw_number) {
-					show_ipfw(r);
+					show_ipfw(r, pcwidth, bcwidth);
 					seen = 1;
 				}
 			if (!seen) {
@@ -939,7 +957,7 @@ add(ac,av)
 	if (ac && (isdigit(**av) || lookup_port(*av, 1, 1) >= 0)) {
 		u_short nports = 0;
 
-		if (fill_port(&nports, rule.fw_pts, 0, *av))
+		if (fill_port(&nports, rule.fw_uar.fw_pts, 0, *av))
 			rule.fw_flg |= IP_FW_F_SRNG;
 		IP_FW_SETNSRCP(&rule, nports);
 		av++; ac--;
@@ -963,7 +981,7 @@ add(ac,av)
 		u_short	nports = 0;
 
 		if (fill_port(&nports,
-		    rule.fw_pts, IP_FW_GETNSRCP(&rule), *av))
+		    rule.fw_uar.fw_pts, IP_FW_GETNSRCP(&rule), *av))
 			rule.fw_flg |= IP_FW_F_DRNG;
 		IP_FW_SETNDSTP(&rule, nports);
 		av++; ac--;
@@ -1069,7 +1087,7 @@ add(ac,av)
 				if (!ac)
 					show_usage("missing argument"
 					    " for ``icmptypes''");
-				fill_icmptypes(rule.fw_icmptypes,
+				fill_icmptypes(rule.fw_uar.fw_icmptypes,
 				    av, &rule.fw_flg);
 				av++; ac--; continue;
 			}
@@ -1091,7 +1109,7 @@ add(ac,av)
 		show_usage("can't check xmit interface of incoming packets");
 
 	if (!do_quiet)
-		show_ipfw(&rule);
+		show_ipfw(&rule, 10, 10);
 	i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
 	if (i)
 		err(EX_UNAVAILABLE, "setsockopt(%s)", "IP_FW_ADD");

sys/netinet/ip_fw.c

@@ -12,7 +12,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.c,v 1.70 1998/01/05 00:14:05 alex Exp $
+ *	$Id: ip_fw.c,v 1.71 1998/01/05 00:57:15 alex Exp $
  */
 
 /*
@@ -154,8 +154,8 @@ icmptype_match(struct icmp *icmp, struct ip_fw *f)
 	type = icmp->icmp_type;
 
 	/* check for matching type in the bitmap */
-	if (type < IP_FW_ICMPTYPES_DIM * sizeof(unsigned) * 8 &&
-		(f->fw_icmptypes[type / (sizeof(unsigned) * 8)] & 
+	if (type < IP_FW_ICMPTYPES_MAX &&
+		(f->fw_uar.fw_icmptypes[type / (sizeof(unsigned) * 8)] & 
 		(1U << (type % (8 * sizeof(unsigned))))))
 		return(1);
 
@@ -255,7 +255,7 @@ static void
 ipfw_report(struct ip_fw *f, struct ip *ip,
 	struct ifnet *rif, struct ifnet *oif)
 {
-	static int counter;
+	static u_int64_t counter;
 	struct tcphdr *const tcp = (struct tcphdr *) ((u_long *) ip+ ip->ip_hl);
 	struct udphdr *const udp = (struct udphdr *) ((u_long *) ip+ ip->ip_hl);
 	struct icmp *const icmp = (struct icmp *) ((u_long *) ip + ip->ip_hl);
@@ -469,11 +469,11 @@ ip_fw_chk(struct ip **pip, int hlen,
 			src_port = ntohs(udp->uh_sport);
 			dst_port = ntohs(udp->uh_dport);
 check_ports:
-			if (!port_match(&f->fw_pts[0],
+			if (!port_match(&f->fw_uar.fw_pts[0],
 			    IP_FW_GETNSRCP(f), src_port,
 			    f->fw_flg & IP_FW_F_SRNG))
 				continue;
-			if (!port_match(&f->fw_pts[IP_FW_GETNSRCP(f)],
+			if (!port_match(&f->fw_uar.fw_pts[IP_FW_GETNSRCP(f)],
 			    IP_FW_GETNDSTP(f), dst_port,
 			    f->fw_flg & IP_FW_F_DRNG)) 
 				continue;

sys/netinet/ip_fw.h

@@ -11,7 +11,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.h,v 1.29 1997/09/16 11:43:57 bde Exp $
+ *	$Id: ip_fw.h,v 1.30 1997/10/28 15:58:45 bde Exp $
  */
 
 #ifndef _IP_FW_H
@@ -49,17 +49,20 @@ union ip_fw_if {
  */
 
 struct ip_fw {
-    u_long fw_pcnt,fw_bcnt;		/* Packet and byte counters */
+    u_int64_t fw_pcnt,fw_bcnt;		/* Packet and byte counters */
     struct in_addr fw_src, fw_dst;	/* Source and destination IP addr */
     struct in_addr fw_smsk, fw_dmsk;	/* Mask for src and dest IP addr */
     u_short fw_number;			/* Rule number */
     u_short fw_flg;			/* Flags word */
 #define IP_FW_MAX_PORTS	10		/* A reasonable maximum */
-    u_short fw_pts[IP_FW_MAX_PORTS];	/* Array of port numbers to match */
+	union {
+	u_short fw_pts[IP_FW_MAX_PORTS];	/* Array of port numbers to match */
+#define IP_FW_ICMPTYPES_MAX	128
+#define IP_FW_ICMPTYPES_DIM	(IP_FW_ICMPTYPES_MAX / (sizeof(unsigned) * 8))
+	unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
+	} fw_uar;
     u_char fw_ipopt,fw_ipnopt;		/* IP options set/unset */
     u_char fw_tcpf,fw_tcpnf;		/* TCP flags set/unset */
-#define IP_FW_ICMPTYPES_DIM (32 / (sizeof(unsigned) * 8))
-    unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
     long timestamp;			/* timestamp (tv_sec) of last match */
     union ip_fw_if fw_in_if, fw_out_if;	/* Incoming and outgoing interfaces */
     union {