From nobody Mon Apr 11 10:30:26 2022
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 211391AADE21;
	Mon, 11 Apr 2022 10:30:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4KcQ9H0QLVz4SNs;
	Mon, 11 Apr 2022 10:30:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1649673027;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=BdMlZUW1jlkcKxFCPYnuBqQmzyk3twjoP4HPBIZ4DHc=;
	b=XVmy7sAa1X1YbhRJ1quUIG5BeqmhWP7JXv4v1962UEeT3bg4LVVNLxoAGhD3z2po5z099j
	eDoNU/q2tKOAJ9oUzd/qYDDzNv2HxuMW9ZNLNANvFe6DZMd049A0s8GNSbjYf+XkWoIpDb
	gqR6A8939bNXviLto7VMS2kBSSHWOi/qpcgAtDfNwnzoA6ddWYrsrtZXhgccc5KS9+/2Sp
	Sj5WdUG7LP+TBij35imYhcxQv+LIfwJbG/E0yTKfHEGEE6Bn4amQoPvpSoTQNhF9OJ8ZZN
	+QqOd+NEaKSPKO/Wn8tgA8firBFexvJE77KOpIN7v6g8k3H4zc+2m83hSXe+Fw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DE5F121292;
	Mon, 11 Apr 2022 10:30:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23BAUQOP068515;
	Mon, 11 Apr 2022 10:30:26 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23BAUQFo068514;
	Mon, 11 Apr 2022 10:30:26 GMT
	(envelope-from git)
Date: Mon, 11 Apr 2022 10:30:26 GMT
Message-Id: <202204111030.23BAUQFo068514@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Subject: git: 4763c0aa68a7 - main - ipfw: fix matching and setting DSCP value for IPv6
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 4763c0aa68a7147258922a33a8401f1f2067ba49
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1649673027;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=BdMlZUW1jlkcKxFCPYnuBqQmzyk3twjoP4HPBIZ4DHc=;
	b=wunAUvY5zwrjeAsynOQIpO6iIgf+4tEZSrh0M7G8myewoo8wv0D1a6P+C0nomgxssjQiW1
	9J2aILLA0Cu7ldpLm/s5Mp8P4d4KubJEj1fDPBgx+zJHCWet9mCFVXQqBgHGVI+bSsCpG6
	OFjwQGznKL0O3WJ7WsSt10XA8hIX22kpKzhqBtq+MMonYuVL638vQUwt+zQZrY98de0dpg
	Ny0MYY6M2yv3rj0OCxLivatLPaEbgNxQRe7cXY0jh8bzvXnFKToNjfUNXosB9hDAa7JwWi
	SL+afTOkh2vLdbbubz4lfCoMPvlozAjrMvyv6FlgI3uUfd8CcwMQhr+EShVWzQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649673027; a=rsa-sha256; cv=none;
	b=tvGtGFf2rk1IqMTkdsaqpZcU45xL/pWk8/08wcKP3eYiWsJtaup4B3YFyQMUxkWE0drJY2
	PmtJXOyzu7osZ179BON7B09JFvBbWRZzEFkJ++y0F260GzUtTiXQHmrddHm8ka8xeE3Sqd
	VF26Mjg5Ya8AzRHYZJ2EEp2zMUPhb6m3wo8LFLM9XlrzVswWOW9CC85LIar63oOKCKa319
	gS0KUFGGE+J+CUue8jepgCoy/nPsL2v0vb4kh5caplRZfF+vunYFMJpsbN6e51z1SzHxRV
	mv3+kWDO4oH5ZUZrMct2xIW4eHbWPheDhAKiA6UKBikbam8Cf5mkSipdqL32dA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=4763c0aa68a7147258922a33a8401f1f2067ba49

commit 4763c0aa68a7147258922a33a8401f1f2067ba49
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2022-04-06 18:43:50 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2022-04-11 10:13:49 +0000

    ipfw: fix matching and setting DSCP value for IPv6
    
    Matching for DSCP codes has used incorrect bits. Use IPV6_DSCP()
    macro for matching opcodes to fix this. Also this leads to always
    use value from a mbuf instead of cached value.
    
    Previously different opcodes have used both cached in f_id value
    and stored in the mbuf, and it did not always work after setdscp
    action, since cached value was not updated.
    
    Update IPv6 flowid value cached in the f_id.flow_id6 when we do
    modification of DSCP value in O_SETDSCP opcode, it may be used by
    external modules.
    
    Also added logging support for O_SETDSCP opcode.
    
    Reviewed by:    kp
    MFC after:      1 week
    Differential Revision: https://reviews.freebsd.org/D34807
---
 sys/netpfil/ipfw/ip_fw2.c    | 27 ++++++++++++---------------
 sys/netpfil/ipfw/ip_fw_log.c |  7 +++++--
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index bcf775009d25..7775b519270f 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -2064,11 +2064,9 @@ do {								\
 					else if (vidx == 6 /* dscp */) {
 						if (is_ipv4)
 							key = ip->ip_tos >> 2;
-						else {
-							key = args->f_id.flow_id6;
-							key = (key & 0x0f) << 2 |
-							    (key & 0xf000) >> 14;
-						}
+						else
+							key = IPV6_DSCP(
+							    (struct ip6_hdr *)ip) >> 2;
 						key &= 0x3f;
 					} else if (vidx == 2 /* dst-port */ ||
 					    vidx == 3 /* src-port */) {
@@ -2328,11 +2326,9 @@ do {								\
 				if (is_ipv4)
 					x = ip->ip_tos >> 2;
 				else if (is_ipv6) {
-					uint8_t *v;
-					v = &((struct ip6_hdr *)ip)->ip6_vfc;
-					x = (*v & 0x0F) << 2;
-					v++;
-					x |= *v >> 6;
+					x = IPV6_DSCP(
+					    (struct ip6_hdr *)ip) >> 2;
+					x &= 0x3f;
 				} else
 					break;
 
@@ -3139,12 +3135,13 @@ do {								\
 					ip->ip_sum = cksum_adjust(ip->ip_sum,
 					    old, *(uint16_t *)ip);
 				} else if (is_ipv6) {
-					uint8_t *v;
+					/* update cached value */
+					args->f_id.flow_id6 =
+					    ntohl(*(uint32_t *)ip) & ~0x0FC00000;
+					args->f_id.flow_id6 |= code << 22;
 
-					v = &((struct ip6_hdr *)ip)->ip6_vfc;
-					*v = (*v & 0xF0) | (code >> 2);
-					v++;
-					*v = (*v & 0x3F) | ((code & 0x03) << 6);
+					*((uint32_t *)ip) =
+					    htonl(args->f_id.flow_id6);
 				} else
 					break;
 
diff --git a/sys/netpfil/ipfw/ip_fw_log.c b/sys/netpfil/ipfw/ip_fw_log.c
index 3e375b06cd76..d230d243a0f7 100644
--- a/sys/netpfil/ipfw/ip_fw_log.c
+++ b/sys/netpfil/ipfw/ip_fw_log.c
@@ -156,8 +156,7 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen,
 				altq->qid);
 			cmd += F_LEN(cmd);
 		}
-		if (cmd->opcode == O_PROB || cmd->opcode == O_TAG ||
-		    cmd->opcode == O_SETDSCP)
+		if (cmd->opcode == O_PROB || cmd->opcode == O_TAG)
 			cmd += F_LEN(cmd);
 
 		action = action2;
@@ -202,6 +201,10 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen,
 			snprintf(SNPARGS(action2, 0), "Tee %d",
 				TARG(cmd->arg1, divert));
 			break;
+		case O_SETDSCP:
+			snprintf(SNPARGS(action2, 0), "SetDscp %d",
+				TARG(cmd->arg1, dscp) & 0x3F);
+			break;
 		case O_SETFIB:
 			snprintf(SNPARGS(action2, 0), "SetFib %d",
 				TARG(cmd->arg1, fib) & 0x7FFF);