From 67c764f1532ad99fa8c2f6509375ce979e0dbdcb Mon Sep 17 00:00:00 2001 From: julian Date: Tue, 27 Mar 2007 23:50:17 +0000 Subject: [PATCH] MFC ip_fw2.c 1.143, 1.144 ip_fw.h 1.107, 1.108 add the capacity to fwd to a table argument. --- sys/netinet/ip_fw.h | 1 + sys/netinet/ip_fw2.c | 36 ++++++++++++++++++++++++++++-------- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 08df7cc85b53..9a6038e330cc 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -534,6 +534,7 @@ struct ip_fw_args { struct inpcb *inp; struct _ip6dn_args dummypar; /* dummynet->ip6_output */ + struct sockaddr_in hopstore; /* store here if cannot use a pointer */ }; /* diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 6d691c270220..b2fc86ecab56 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -794,7 +794,8 @@ static u_int64_t norule_counter; /* counter for ipfw_log(NULL...) */ */ static void ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, - struct mbuf *m, struct ifnet *oif, u_short offset, struct ip *ip) + struct mbuf *m, struct ifnet *oif, u_short offset, uint32_t tablearg, struct ip *ip) +>>>>>>> 1.144 { struct ether_header *eh = args->eh; char *action; @@ -887,9 +888,15 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, case O_FORWARD_IP: { ipfw_insn_sa *sa = (ipfw_insn_sa *)cmd; int len; + struct in_addr dummyaddr; + if (sa->sa.sin_addr.s_addr == INADDR_ANY) + dummyaddr.s_addr = htonl(tablearg); + else + dummyaddr.s_addr = sa->sa.sin_addr.s_addr; len = snprintf(SNPARGS(action2, 0), "Forward to %s", - inet_ntoa(sa->sa.sin_addr)); + inet_ntoa(dummyaddr)); + if (sa->sa.sin_port) snprintf(SNPARGS(action2, len), ":%d", sa->sa.sin_port); @@ -2916,7 +2923,8 @@ check_body: case O_LOG: if (fw_verbose) - ipfw_log(f, hlen, args, m, oif, offset, ip); + ipfw_log(f, hlen, args, m, + oif, offset, tablearg, ip); match = 1; break; 
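Review bot: The comment on the new `hopstore` field in `struct ip_fw_args` does not say that `next_hop` may now point into the same struct. If any caller copies the struct by value (none is visible in this diff), the copy's `next_hop` would still refer to the original's `hopstore`. I would state the invariant on the field, e.g. `/* backing store for next_hop when the address comes from tablearg; next_hop may point here */`. The struct definition starts outside the hunk.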
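Review bot: The added line `+>>>>>>> 1.144` directly after the `ipfw_log` parameter list is a leftover merge-conflict marker, not code. With it in place `ip_fw2.c` should fail to compile, so it needs to be dropped before this lands. The rewritten parameter line that now carries `uint32_t tablearg` also appears to run past 80 columns and would read better wrapped after `offset,`. The function body continues outside the hunk.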
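Review bot: In the `O_FORWARD_IP` branch of `ipfw_log`, `INADDR_ANY` in the rule's address now silently means "take the next hop from `tablearg`", and nothing in the hunk documents that sentinel. A one-line comment above the test would help, e.g. `/* INADDR_ANY in the rule means the next hop is supplied by tablearg */`. The local `dummyaddr` holds the address that is actually logged, so a name such as `hop_addr` would describe it better. The same sentinel test is repeated in the `@@ -3276` hunk, so the comment is worth having in both places.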
@@ -3276,14 +3284,26 @@ check_body: retval = IP_FW_DENY; goto done; - case O_FORWARD_IP: + case O_FORWARD_IP: { + struct sockaddr_in *sa; + sa = &(((ipfw_insn_sa *)cmd)->sa); if (args->eh) /* not valid on layer2 pkts */ break; - if (!q || dyn_dir == MATCH_FORWARD) - args->next_hop = - &((ipfw_insn_sa *)cmd)->sa; + if (!q || dyn_dir == MATCH_FORWARD) { + if (sa->sin_addr.s_addr == INADDR_ANY) { + bcopy(sa, &args->hopstore, + sizeof(*sa)); + args->hopstore.sin_addr.s_addr = + htonl(tablearg); + args->next_hop = + &args->hopstore; + } else { + args->next_hop = sa; + } + } retval = IP_FW_PASS; - goto done; + } + goto done; case O_NETGRAPH: case O_NGTEE:
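Review bot: In the `sin_addr.s_addr == INADDR_ANY` branch, `htonl(tablearg)` is written into `args->hopstore` and used as the next hop without checking that a table lookup actually set it. The hunk does not show where `tablearg` is initialised. If it can still be zero for a rule that matched without a table, the packet is passed with a next hop of 0.0.0.0 rather than rejected or left unforwarded. A guard in the style of the existing `args->eh` check would make the behaviour explicit, e.g. `if (sa->sin_addr.s_addr == INADDR_ANY && tablearg == 0) break;`, though the right fallback depends on code outside this hunk. The `goto done;` now sits after the closing brace of the new block at a different indent from the rest of the case and would be clearer inside it.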