Bug 18830

Summary: add IP_FW_GETRULE to ipfw, in order to get single rules
Product: Base System
Reporter: alex <alex>
Component: kern
Assignee: Luigi Rizzo <luigi>
Status: Closed FIXED
Severity: Affects Only Me
CC: billf
Priority: Normal
Version: 5.0-CURRENT
Hardware: Any
OS: Any
Attachments: file.diff (flags: none)

Description alex 2000-05-26 13:10:01 UTC
While IP_FW_GET gets the complete chain, which is complete overhead for
some stuff, IP_FW_GETRULE gets only a single rule.
That makes stuff much easier.

In fact, on billf's and ps's request I have implemented ipfw move and ipfw swap
in order to move/swap rules. These use IP_FW_GETRULE:

root:~ $ ipfw show 200 ; ipfw move 200 300 ; ipfw show 300
00200 16 3217 allow tcp from any to any
00200 allow tcp from any to any
00300  0    0 allow tcp from any to any

Fix: cvs diff: Diffing .

Comment 1 alex 2000-05-26 13:21:16 UTC
Thus spake alex@big.endian.de (alex@big.endian.de):

> +		if (!(fcp || fcp->rule)) {
> +			error = EINVAL;
> +			break;
> +		}
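
Review bot: the guard "!(fcp || fcp->rule)" at the top of this hunk fails in both directions. When fcp is NULL, the right-hand operand is still evaluated and fcp->rule dereferences a NULL pointer; when fcp is non-NULL, the expression is always false, so a NULL fcp->rule is never rejected with EINVAL. Test each condition separately so the check short-circuits before the dereference, for example "if (fcp == NULL || fcp->rule == NULL)", which is equivalent to "!(fcp && fcp->rule)".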

Of _course_, that must be !(fcp && fcp->rule)

(urks, boolean logic...)

Alex

-- 
I need a new ~/.sig.

Comment 2 Brian Feldman freebsd_committer freebsd_triage 2000-06-01 22:49:18 UTC
State Changed
From-To: open->feedback

There are a couple problems I have with it.  The big problem is that 
you don't copy the entire chain of a specific rule number out, but only 
the very first one.

Comment 3 Luigi Rizzo freebsd_committer freebsd_triage 2001-02-11 23:25:27 UTC
Responsible Changed
From-To: freebsd-bugs->luigi

I am working on the code... but the proposed patch is not general enough, 
as you can have multiple rules with the same number, and the 
proposed patch does not support that case well.

Comment 4 Luigi Rizzo freebsd_committer freebsd_triage 2001-09-03 21:35:06 UTC
State Changed
From-To: feedback->closed

The more I think of it, the more I find it unnecessary to 
grab single ipfw rules from the kernel. This can be done 
very easily in userland (ipfw|grep) and besides, the 
proposed patch does not work when there are multiple rules with 
the same rule number.