Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be able

build it with and without INET/INET6 support. Submitted by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1] Tested by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1] Approved by: re (bz) MFC after: 2 weeks
svn path=/head/; revision=225586
2011-09-15 12:28:17 +00:00 · 2011-09-15 12:28:17 +00:00 · f2a66f8e17 · 2020-12-20 02:59:44 +00:00
commit f2a66f8e17
parent 3657c405e3
2 changed files with 57 additions and 13 deletions
--- a/sys/modules/netgraph/ipfw/Makefile
+++ b/sys/modules/netgraph/ipfw/Makefile
@ -1,6 +1,20 @@
 # $FreeBSD$

+.include <bsd.own.mk>
+
 KMOD=	ng_ipfw
-SRCS= 	ng_ipfw.c
+SRCS= 	ng_ipfw.c opt_inet.h opt_inet6.h
+
+.if !defined(KERNBUILDDIR)
+
+.if ${MK_INET_SUPPORT} != "no"
+opt_inet.h:
+	echo "#define INET 1" > ${.TARGET}
+.endif
+.if ${MK_INET6_SUPPORT} != "no"
+opt_inet6.h:
+	echo "#define INET6 1" > ${.TARGET}
+.endif
+.endif

 .include <bsd.kmod.mk>
--- a/sys/netgraph/ng_ipfw.c
+++ b/sys/netgraph/ng_ipfw.c
@ -26,6 +26,9 @@
 * $FreeBSD$
 */

+#include "opt_inet.h"
+#include "opt_inet6.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
@ -47,6 +50,8 @@
 #include <netinet/ip_fw.h>
 #include <netinet/ipfw/ip_fw_private.h>
 #include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet6/ip6_var.h>

 #include <netgraph/ng_message.h>
 #include <netgraph/ng_parse.h>
@ -224,6 +229,7 @@ ng_ipfw_rcvdata(hook_p hook, item_p item)
 	struct m_tag *tag;
 	struct ipfw_rule_ref *r;
 	struct mbuf *m;
+	struct ip *ip;

 	NGI_GET_M(item, m);
 	NG_FREE_ITEM(item);
@ -234,23 +240,47 @@ ng_ipfw_rcvdata(hook_p hook, item_p item)
 		return (EINVAL);	/* XXX: find smth better */
 	};

+	if (m->m_len < sizeof(struct ip) &&
+	    (m = m_pullup(m, sizeof(struct ip))) == NULL)
+		return (EINVAL);
+
+	ip = mtod(m, struct ip *);
+
 	r = (struct ipfw_rule_ref *)(tag + 1);
 	if (r->info & IPFW_INFO_IN) {
-		ip_input(m);
+		switch (ip->ip_v) {
+#ifdef INET
+		case IPVERSION:
+			ip_input(m);
+			break;
+#endif
+#ifdef INET6
+		case IPV6_VERSION >> 4:
+			ip6_input(m);
+			break;
+#endif
+		default:
+			NG_FREE_M(m);
+			return (EINVAL);
+		}
 		return (0);
 	} else {
-		struct ip *ip;
-
-		if (m->m_len < sizeof(struct ip) &&
-		    (m = m_pullup(m, sizeof(struct ip))) == NULL)
+		switch (ip->ip_v) {
+#ifdef INET
+		case IPVERSION:
+			SET_HOST_IPLEN(ip);
+			return (ip_output(m, NULL, NULL, IP_FORWARDING,
+			    NULL, NULL));
+#endif
+#ifdef INET6
+		case IPV6_VERSION >> 4:
+			return (ip6_output(m, NULL, NULL, 0, NULL,
+			    NULL, NULL));
+#endif
+		default:
 			return (EINVAL);
-
-		ip = mtod(m, struct ip *);
-
-		SET_HOST_IPLEN(ip);
-
-		return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
-	}	
+		}
+	}
 }

 static int