From owner-svn-src-head@FreeBSD.ORG  Thu Sep 15 12:28:17 2011
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7E97B106564A;
	Thu, 15 Sep 2011 12:28:17 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 64F398FC1A;
	Thu, 15 Sep 2011 12:28:17 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p8FCSHff073621;
	Thu, 15 Sep 2011 12:28:17 GMT (envelope-from ae@svn.freebsd.org)
Received: (from ae@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id p8FCSHVY073618;
	Thu, 15 Sep 2011 12:28:17 GMT (envelope-from ae@svn.freebsd.org)
Message-Id: <201109151228.p8FCSHVY073618@svn.freebsd.org>
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Thu, 15 Sep 2011 12:28:17 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r225586 - in head/sys: modules/netgraph/ipfw netgraph
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2011 12:28:17 -0000

Author: ae
Date: Thu Sep 15 12:28:17 2011
New Revision: 225586
URL: http://svn.freebsd.org/changeset/base/225586

Log:
  Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be able
  build it with and without INET/INET6 support.
  
  Submitted by:	Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
  Tested by:	Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
  Approved by:	re (bz)
  MFC after:	2 weeks

Modified:
  head/sys/modules/netgraph/ipfw/Makefile
  head/sys/netgraph/ng_ipfw.c

Modified: head/sys/modules/netgraph/ipfw/Makefile
==============================================================================
--- head/sys/modules/netgraph/ipfw/Makefile	Thu Sep 15 12:27:26 2011	(r225585)
+++ head/sys/modules/netgraph/ipfw/Makefile	Thu Sep 15 12:28:17 2011	(r225586)
@@ -1,6 +1,20 @@
 # $FreeBSD$
 
+.include <bsd.own.mk>
+
 KMOD=	ng_ipfw
-SRCS= 	ng_ipfw.c
+SRCS= 	ng_ipfw.c opt_inet.h opt_inet6.h
+
+.if !defined(KERNBUILDDIR)
+
+.if ${MK_INET_SUPPORT} != "no"
+opt_inet.h:
+	echo "#define INET 1" > ${.TARGET}
+.endif
+.if ${MK_INET6_SUPPORT} != "no"
+opt_inet6.h:
+	echo "#define INET6 1" > ${.TARGET}
+.endif
+.endif
 
 .include <bsd.kmod.mk>

Modified: head/sys/netgraph/ng_ipfw.c
==============================================================================
--- head/sys/netgraph/ng_ipfw.c	Thu Sep 15 12:27:26 2011	(r225585)
+++ head/sys/netgraph/ng_ipfw.c	Thu Sep 15 12:28:17 2011	(r225586)
@@ -26,6 +26,9 @@
  * $FreeBSD$
  */
 
+#include "opt_inet.h"
+#include "opt_inet6.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
@@ -47,6 +50,8 @@
 #include <netinet/ip_fw.h>
 #include <netinet/ipfw/ip_fw_private.h>
 #include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet6/ip6_var.h>
 
 #include <netgraph/ng_message.h>
 #include <netgraph/ng_parse.h>
@@ -224,6 +229,7 @@ ng_ipfw_rcvdata(hook_p hook, item_p item
 	struct m_tag *tag;
 	struct ipfw_rule_ref *r;
 	struct mbuf *m;
+	struct ip *ip;
 
 	NGI_GET_M(item, m);
 	NG_FREE_ITEM(item);
@@ -234,23 +240,47 @@ ng_ipfw_rcvdata(hook_p hook, item_p item
 		return (EINVAL);	/* XXX: find smth better */
 	};
 
+	if (m->m_len < sizeof(struct ip) &&
+	    (m = m_pullup(m, sizeof(struct ip))) == NULL)
+		return (EINVAL);
+
+	ip = mtod(m, struct ip *);
+
 	r = (struct ipfw_rule_ref *)(tag + 1);
 	if (r->info & IPFW_INFO_IN) {
-		ip_input(m);
+		switch (ip->ip_v) {
+#ifdef INET
+		case IPVERSION:
+			ip_input(m);
+			break;
+#endif
+#ifdef INET6
+		case IPV6_VERSION >> 4:
+			ip6_input(m);
+			break;
+#endif
+		default:
+			NG_FREE_M(m);
+			return (EINVAL);
+		}
 		return (0);
 	} else {
-		struct ip *ip;
-
-		if (m->m_len < sizeof(struct ip) &&
-		    (m = m_pullup(m, sizeof(struct ip))) == NULL)
+		switch (ip->ip_v) {
+#ifdef INET
+		case IPVERSION:
+			SET_HOST_IPLEN(ip);
+			return (ip_output(m, NULL, NULL, IP_FORWARDING,
+			    NULL, NULL));
+#endif
+#ifdef INET6
+		case IPV6_VERSION >> 4:
+			return (ip6_output(m, NULL, NULL, 0, NULL,
+			    NULL, NULL));
+#endif
+		default:
 			return (EINVAL);
-
-		ip = mtod(m, struct ip *);
-
-		SET_HOST_IPLEN(ip);
-
-		return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
-	}	
+		}
+	}
 }
 
 static int