From fd3d1a7d1e1949e97cd57c6b49c6f967f3390784 Mon Sep 17 00:00:00 2001
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Tue, 11 Feb 2025 12:48:17 +0300
Subject: [PATCH] ipfw: make 'ipfw show' output compatible with 'ipfw add'
 command

If rule was added in compact form and rule body is empty, print
'proto ip' opcode to be compatible with ipfw(8) syntax parser.

  Before:
  $ ipfw add allow proto ip
  000700 allow
  After:
  $ ipfw add allow proto ip
  000700 allow proto ip

(cherry picked from commit 706a03f61bbb6e0cf10e6c3727966495b30d763e)
---
 sbin/ipfw/ipfw2.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 7a8601aad46..beff243ecdb 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -2380,6 +2380,13 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo,
 
 	if (rule->flags & IPFW_RULE_JUSTOPTS) {
 		state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP;
+		/*
+		 * Print `proto ip` if all opcodes has been already printed.
+		 */
+		if (memchr(state.printed, 0, rule->act_ofs) == NULL) {
+			bprintf(bp, " proto ip");
+			goto end;
+		}
 		goto justopts;
 	}