kern/57736: IP Filter IPv6 accounting bug

FUKAUMI Naoki fukaumi at soum.co.jp
Wed Oct 8 04:00:34 PDT 2003


>Number:         57736
>Category:       kern
>Synopsis:       IP Filter IPv6 accounting bug
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 08 04:00:25 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     FUKAUMI Naoki
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
SOUM Corporation
>Environment:
>Description:
	IP Filter IPv6 accounting (packet byte count) is broken.
>How-To-Repeat:
	# echo count in all | ipf -6 -f -
	# echo count out all | ipf -6 -f -
	(some IPv6 communication)
	# ipfstat -6 -aio
	(count is incorrect)
>Fix:
	This PR and patch were sent to the author a few minutes ago.

--- fil.c.orig	2003-06-28 00:29:37.000000000 +0900
+++ fil.c	2003-10-08 19:15:03.000000000 +0900
@@ -630,7 +630,7 @@
 {
 	register struct frentry *fr;
 	register fr_ip_t *fi = &fin->fin_fi;
-	int rulen, portcmp = 0, off, skip = 0, logged = 0;
+	int rulen, portcmp = 0, off, skip = 0, logged = 0, len, v = ip->ip_v;
 	u_32_t pass, passt, passl;
 	frentry_t *frl;
 
@@ -809,10 +809,20 @@
 		}
 #endif /* IPFILTER_LOG */
 		ATOMIC_INCL(fr->fr_hits);
-		if (passt & FR_ACCOUNT)
-			fr->fr_bytes += (U_QUAD_T)ip->ip_len;
-		else
+		if (passt & FR_ACCOUNT) {
+#ifdef	USE_INET6
+			if (v == 6) {
+				len = ntohs(((ip6_t*)ip)->ip6_plen);
+				len += sizeof(ip6_t);
+			} else
+#endif
+			{
+				len = ip->ip_len;
+			}
+			fr->fr_bytes += (U_QUAD_T)len;
+		} else {
 			fin->fin_icode = fr->fr_icode;
+		}
 		fin->fin_rule = rulen;
 		fin->fin_group = fr->fr_group;
 		if (fr->fr_grp != NULL) {
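Review bot: The IPv6 branch accounts `ntohs(ip6_plen) + sizeof(ip6_t)`, which is the length the sender declared in the header rather than the size of the packet actually received; for a jumbogram (RFC 2675) `ip6_plen` is 0, so such a packet would be counted as 40 bytes. If these counters feed billing or traffic monitoring, confirm that the declared length has already been validated against the received buffer before this point, which cannot be seen from the hunk. At minimum I would add a comment above the assignment, e.g. `/* ip6_plen excludes the fixed header and is 0 for jumbograms, which are undercounted here */`. Separately, `v` from the first hunk is read only inside `#ifdef USE_INET6`, so builds without it get a set-but-unused variable; testing `ip->ip_v == 6` directly at this comparison would avoid that. The enclosing function starts and ends outside the hunk.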
>Release-Note:
>Audit-Trail:
>Unformatted:

