From nobody Fri Apr 18 12:34:16 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZfDj51xVsz5sl52;
	Fri, 18 Apr 2025 12:34:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZfDj50lYNz3Pks;
	Fri, 18 Apr 2025 12:34:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1744979657;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nxKWZBbYCZTe7NBVLvqxi5nBDv2VvcxRIz7dK4qafsY=;
	b=U7Ddt9lQHlx7EzOHb1ESslQcU0dXDI5pDeb824/myys/YIMtjI+DgO8+0GTP9Cq2cAfBH3
	fbNoRgay3eM+2PxusYMZg3PfqQ9UWPOeusYWcqGLy5s+5poeDBik94dfABHJjBtZ+KkYik
	UIxQXyAY9vtmuvwyQbdZ1KdOshGmIuJclpRbgyCkUh8v3/bPywgsQk2R3RXZBULDiOGd62
	0RIlDZMkCq/5zdAYl5xhXwithEQQdvAO/7hkfdlYRtjdyh9YMELMFB4Z3vpotzHiRA5Oiu
	cNXLrgYD027ozk2oF28tkUqk4CycDLfeAUZ3KbFonIaj813ofzqtkLTOl8EGvw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744979657; a=rsa-sha256; cv=none;
	b=P43YlDSCdM3e6LE0gsUh4Rf3HkcdPPBNy+GkkIKzIeITz9tijieLdT2WhSbM6syO/Wrhlu
	5KX40j8MNM0s3E0g4JWRFhY/W/XWZ/WZ2/JO0J/cXl7UwPwBK3562uXDvblvCdRg/oBUkl
	5M0Sx0xtSs4Cvy6ctRHH8csCji654/I3OW9q1nTSuFuDeKpHEFPhX/us0JuvreAZOb6LcX
	JM2kUSpP/NaOcXgXx+kFbTOV8w/bCbzxOhWVc2KnhoDTQrGRKUAV0cj9DAr67r6o7974Xo
	Ni6EulCzC0XNe6GTFkoVwDU8h+79+1PL8SPLJd856CfMTm2Dwc45PEOysbKAiA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1744979657;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nxKWZBbYCZTe7NBVLvqxi5nBDv2VvcxRIz7dK4qafsY=;
	b=rVZa6OFXC+brBeWZd0I7wEbnmiwI33GD75+16szqoC05kaALGTpdaipW+jgI6rwbPSKX1g
	1Jp3X7+Fm51FHoJN1YTYf88W3wNfwsHJJ/r/PTXMopz5sgC64GDBLoIvhCKONrVbeFwCyt
	5NGC1zkjPOcOuOZ/szxvayQETpeU7btqXaRinRiFUrWJ7mVrAb7QN94RyrfPtUG0agrukM
	HEgzc5NVHNuE+WGeaHxAKGRpmmPwgd4IMHPsQ1jHTmGc4FeyycPBQ8ZJTc1r68IGISl8I2
	4RF2fYKj75XP8hVjEZ8QfGSQxaYAALRz64YCoJybaRGT367DjRHXCSfpSugHcw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZfDj50M1mzb4P;
	Fri, 18 Apr 2025 12:34:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53ICYGBF064543;
	Fri, 18 Apr 2025 12:34:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53ICYGdU064540;
	Fri, 18 Apr 2025 12:34:16 GMT
	(envelope-from git)
Date: Fri, 18 Apr 2025 12:34:16 GMT
Message-Id: <202504181234.53ICYGdU064540@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Subject: git: 4a02faa114c5 - main - ipfw: add IPv6 logging support
  for fwd tablearg opcode
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 4a02faa114c5914dd13a25d81d36b3bb44e70dc9
Auto-Submitted: auto-generated

The branch main has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=4a02faa114c5914dd13a25d81d36b3bb44e70dc9

commit 4a02faa114c5914dd13a25d81d36b3bb44e70dc9
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-04-18 11:40:14 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-04-18 11:40:14 +0000

    ipfw: add IPv6 logging support for fwd tablearg opcode
    
    Obtained from:  Yandex LLC
    MFC after:      2 weeks
    Sponsored by:   Yandex LLC
---
 sys/netpfil/ipfw/ip_fw_log.c | 81 ++++++++++++++++++++++++++++----------------
 1 file changed, 52 insertions(+), 29 deletions(-)

diff --git a/sys/netpfil/ipfw/ip_fw_log.c b/sys/netpfil/ipfw/ip_fw_log.c
index 389b04ccbace..3f3980b8ee65 100644
--- a/sys/netpfil/ipfw/ip_fw_log.c
+++ b/sys/netpfil/ipfw/ip_fw_log.c
@@ -224,39 +224,62 @@ ipfw_log_syslog(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen,
 			snprintf(SNPARGS(action2, 0), "Queue %d",
 				TARG(cmd->arg1, pipe));
 			break;
-		case O_FORWARD_IP: {
-			char buf[INET_ADDRSTRLEN];
-			ipfw_insn_sa *sa = (ipfw_insn_sa *)cmd;
-			int len;
-			struct in_addr dummyaddr;
-			if (sa->sa.sin_addr.s_addr == INADDR_ANY)
-				dummyaddr.s_addr = htonl(tablearg);
-			else
-				dummyaddr.s_addr = sa->sa.sin_addr.s_addr;
-
-			len = snprintf(SNPARGS(action2, 0), "Forward to %s",
-				inet_ntoa_r(dummyaddr, buf));
-
-			if (sa->sa.sin_port)
-				snprintf(SNPARGS(action2, len), ":%d",
-				    sa->sa.sin_port);
+		case O_FORWARD_IP:
+			if (IS_IP4_FLOW_ID(&args->f_id)) {
+				char buf[INET_ADDRSTRLEN];
+				const struct sockaddr_in *sin = &insntod(cmd, sa)->sa;
+				int len;
+
+				/* handle fwd tablearg */
+				if (sin->sin_addr.s_addr == INADDR_ANY) {
+					struct in_addr tmp;
+
+					tmp.s_addr = htonl(
+					    TARG_VAL(chain, tablearg, nh4));
+					inet_ntoa_r(tmp, buf);
+				} else
+					inet_ntoa_r(sin->sin_addr, buf);
+				len = snprintf(SNPARGS(action2, 0),
+				    "Forward to %s", buf);
+				if (sin->sin_port != 0)
+					snprintf(SNPARGS(action2, len), ":%d",
+					    sin->sin_port);
 			}
-			break;
+			/* FALLTHROUGH */
 #ifdef INET6
-		case O_FORWARD_IP6: {
-			char buf[INET6_ADDRSTRLEN];
-			ipfw_insn_sa6 *sa = (ipfw_insn_sa6 *)cmd;
-			int len;
-
-			len = snprintf(SNPARGS(action2, 0), "Forward to [%s]",
-			    ip6_sprintf(buf, &sa->sa.sin6_addr));
-
-			if (sa->sa.sin6_port)
-				snprintf(SNPARGS(action2, len), ":%u",
-				    sa->sa.sin6_port);
+		case O_FORWARD_IP6:
+			if (IS_IP6_FLOW_ID(&args->f_id)) {
+				char buf[INET6_ADDRSTRLEN];
+				struct sockaddr_in6 tmp;
+				const struct sockaddr_in *sin = &insntod(cmd, sa)->sa;
+				struct sockaddr_in6 *sin6 = &insntod(cmd, sa6)->sa;
+				int len;
+
+				if (cmd->opcode == O_FORWARD_IP &&
+				    sin->sin_addr.s_addr == INADDR_ANY) {
+					sin6 = &tmp;
+					sin6->sin6_addr =
+					    TARG_VAL(chain, tablearg, nh6);
+					sin6->sin6_scope_id =
+					    TARG_VAL(chain, tablearg, zoneid);
+					sin6->sin6_port = sin->sin_port;
+				}
+
+				ip6_sprintf(buf, &sin6->sin6_addr);
+				if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
+				    sin6->sin6_scope_id != 0)
+					len = snprintf(SNPARGS(action2, 0),
+					    "Forward to [%s%%%u]",
+					    buf, sin6->sin6_scope_id);
+				else
+					len = snprintf(SNPARGS(action2, 0),
+					    "Forward to [%s]", buf);
+				if (sin6->sin6_port != 0)
+					snprintf(SNPARGS(action2, len), ":%u",
+					    sin6->sin6_port);
 			}
-			break;
 #endif
+			break;
 		case O_NETGRAPH:
 			snprintf(SNPARGS(action2, 0), "Netgraph %d",
 				cmd->arg1);