MFC src/sys/netinet/ip_fw2.c rev.1.133:

install_state() should properly initialize 'addr_type' field of newly created
flows for O_LIMIT rules.

MFC src/sbin/ipfw/ipfw2.c rev.1.90 (mlaier):

Print dynamic rules for IPv6 as well.

PR:		bin/98349

sbin/ipfw/ipfw2.c

@@ -1931,6 +1931,7 @@ show_dyn_ipfw(ipfw_dyn_rule *d, int pcwidth, int bcwidth)
 	struct protoent *pe;
 	struct in_addr a;
 	uint16_t rulenum;
+	char buf[INET6_ADDRSTRLEN];
 
 	if (!do_expired) {
 		if (!d->expire && !(d->dyn_type == O_LIMIT_PARENT))
@@ -1959,11 +1960,20 @@ show_dyn_ipfw(ipfw_dyn_rule *d, int pcwidth, int bcwidth)
 	else
 		printf(" proto %u", d->id.proto);
 
-	a.s_addr = htonl(d->id.src_ip);
-	printf(" %s %d", inet_ntoa(a), d->id.src_port);
+	if (d->id.addr_type == 4) {
+		a.s_addr = htonl(d->id.src_ip);
+		printf(" %s %d", inet_ntoa(a), d->id.src_port);
 
-	a.s_addr = htonl(d->id.dst_ip);
-	printf(" <-> %s %d", inet_ntoa(a), d->id.dst_port);
+		a.s_addr = htonl(d->id.dst_ip);
+		printf(" <-> %s %d", inet_ntoa(a), d->id.dst_port);
+	} else if (d->id.addr_type == 6) {
+		printf(" %s %d", inet_ntop(AF_INET6, &d->id.src_ip6, buf,
+		    sizeof(buf)), d->id.src_port);
+		printf(" <-> %s %d", inet_ntop(AF_INET6, &d->id.dst_ip6, buf,
+		    sizeof(buf)), d->id.dst_port);
+	} else
+		printf(" UNKNOWN <-> UNKNOWN\n");
+	
 	printf("\n");
 }
 

sys/netinet/ip_fw2.c

@@ -1501,6 +1501,7 @@ install_state(struct ip_fw *rule, ipfw_insn_limit *cmd,
 		id.dst_ip = id.src_ip = 0;
 		id.dst_port = id.src_port = 0;
 		id.proto = args->f_id.proto;
+		id.addr_type = args->f_id.addr_type;
 
 		if (IS_IP6_FLOW_ID (&(args->f_id))) {
 			if (limit_mask & DYN_SRC_ADDR)