From nobody Fri Apr 18 12:34:18 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZfDj63jcjz5skjP; Fri, 18 Apr 2025 12:34:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZfDj61nnnz3PYQ; Fri, 18 Apr 2025 12:34:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744979658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1OFJ6yhZZdhAZEXHiQIkEeFDQZP6OIDzWJ+0fTrgDlc=; b=rxjyV3blD3NMtq8N7Z1JRpFWZWXubx1u1PZbxqDEsZ0wqJ5asYyMI2MI3SU5IEhEHUWCUb 5hOZzo2f4VYvGI6Y2LznUwUbPsc32vK0PyVZ/YTwzP+u20IHiWSeXAvRJzLhYSMeP9C+41 tXElWIeGsKaSGsNoL2fgRIhVxH7Pi622j5INVq5K+hLNv4pBVt94clyn8G9AfpaK+L9Gna VA8t2pxG9QAB4dz3nMxMdtVLbeVd8pO6IPc9VOek3EvLHRl/ur5sB4wgXbV+OOhYyP9b7d Bnsxfn6PdKiDF/fCKmBpe7DJykoORXKfQSFZdoyb628hePhKpIPGGFFEDPpMYg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744979658; a=rsa-sha256; cv=none; b=GOMSKfKeo2kGE2ZH/t/MgwHcLrwlwEK+VSpAnF5d79B55GTMDBQnPUBMT1Mjd+REbM79xp 22oVKlm2TZltiZNJXa3yiY32j2puzRn3g/TvIlhbEvvzmBUgvE06Nr15FHlZko+guWCoq9 P1FfYhCbM+5Kbycj7NbxeKd7EHCXxzLssZOY4DBnqZxdkDnjI+BtyqxOK690rTVX0lMgtu GmVwv9jmgq9Hx9R02Ma1OzZ8X4453fkwHLh/nmcintp6NT7vWqhamdIhRWoq2mHSjArDuW clUJ6lUEVLoKiSM4GQ2niIi2NQkDB9hXwX3FkQJldZqKfPDSxnpyFbA36tV0Hw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744979658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1OFJ6yhZZdhAZEXHiQIkEeFDQZP6OIDzWJ+0fTrgDlc=; b=B5B8x/rG0ImtKs7WXq+4SNuDKNlp/l/JF0WfH0o1H2fxjvFqWr9rR9pmQZBSrV1E5mb832 sURBTCYTeqd3FtXaKN5mFVwgeJbsjfh+k17JUec1fL9I8mRdxQ9TxMEhJtae/3eb3EpWxq VvbChgIo71stTj+6VUtwNJb3VbNMaestB7G4fW9gwJraVJ1HNAwUk+yeCZcldQVhn8/tvb uSesDbCYe737p1ya1SHKuo18cXNXrlVUHqgw6UEYgbiGb9xtp9BxUEdO6uFNOKMZZemGHH AmAzRa0SJZ3bJkH27wCzUYtBPe0KXRhJlpKqIIh5+RVK/UTVQt5aky3OB3BGmw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZfDj61HHszbBY; Fri, 18 Apr 2025 12:34:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53ICYIqm064585; Fri, 18 Apr 2025 12:34:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53ICYIMJ064582; Fri, 18 Apr 2025 12:34:18 GMT (envelope-from git) Date: Fri, 18 Apr 2025 12:34:18 GMT Message-Id: <202504181234.53ICYIMJ064582@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Andrey V. Elsukov" Subject: git: e26d1cea25cd - main - ipfw: add IPv6 logging via rtsock support for fwd tablearg opcode List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e26d1cea25cd4d2ce95032022f7823b012c58c5f Auto-Submitted: auto-generated The branch main has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=e26d1cea25cd4d2ce95032022f7823b012c58c5f commit e26d1cea25cd4d2ce95032022f7823b012c58c5f Author: Andrey V. Elsukov AuthorDate: 2025-04-18 11:48:25 +0000 Commit: Andrey V. Elsukov CommitDate: 2025-04-18 11:48:25 +0000 ipfw: add IPv6 logging via rtsock support for fwd tablearg opcode Also fix handling for O_SETMARK opcode. O_MARK should not be handled together with action opcodes. Obtained from: Yandex LLC Sponsored by: Yandex LLC --- sys/netpfil/ipfw/ip_fw_log.c | 52 ++++++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw_log.c b/sys/netpfil/ipfw/ip_fw_log.c index 3f3980b8ee65..98b7a758c612 100644 --- a/sys/netpfil/ipfw/ip_fw_log.c +++ b/sys/netpfil/ipfw/ip_fw_log.c @@ -506,11 +506,10 @@ ipfw_rtsocklog_fill_l3(struct ip_fw_args *args, } static struct sockaddr * -ipfw_rtsocklog_handle_tablearg(struct ip_fw_chain *chain, ipfw_insn *cmd, - uint32_t tablearg, uint32_t *targ_value, char **buf) +ipfw_rtsocklog_handle_tablearg(struct ip_fw_chain *chain, + struct ip_fw_args *args, ipfw_insn *cmd, uint32_t tablearg, + uint32_t *targ_value, char **buf) { - struct sockaddr_in *v4nh = NULL; - /* handle tablearg now */ switch (cmd->opcode) { case O_DIVERT: @@ -531,26 +530,47 @@ ipfw_rtsocklog_handle_tablearg(struct ip_fw_chain *chain, ipfw_insn *cmd, case O_CALLRETURN: if (cmd->opcode == O_CALLRETURN && (cmd->len & F_NOT)) break; - *targ_value = (TARG(insntod(cmd, u32)->d[0], skipto)); + *targ_value = TARG(insntod(cmd, u32)->d[0], skipto); break; case O_PIPE: case O_QUEUE: *targ_value = TARG(cmd->arg1, pipe); break; - case O_MARK: - *targ_value = TARG(cmd->arg1, mark); + case O_SETMARK: + if (cmd->arg1 == IP_FW_TARG) + *targ_value = TARG_VAL(chain, tablearg, mark); break; case O_FORWARD_IP: - v4nh = (struct sockaddr_in *)buf; - buf += sizeof(*v4nh); - *v4nh = ((ipfw_insn_sa *)cmd)->sa; - if (v4nh->sin_addr.s_addr == INADDR_ANY) - v4nh->sin_addr.s_addr = htonl(tablearg); - - return (struct sockaddr *)v4nh; + if (IS_IP4_FLOW_ID(&args->f_id)) { + struct sockaddr_in *nh = (struct sockaddr_in *)*buf; + + *buf += sizeof(*nh); + memcpy(nh, &insntod(cmd, sa)->sa, sizeof(*nh)); + if (nh->sin_addr.s_addr == INADDR_ANY) + nh->sin_addr.s_addr = htonl( + TARG_VAL(chain, tablearg, nh4)); + return ((struct sockaddr *)nh); + } + /* FALLTHROUGH */ #ifdef INET6 case O_FORWARD_IP6: - return (struct sockaddr *)&(((ipfw_insn_sa6 *)cmd)->sa); + if (IS_IP6_FLOW_ID(&args->f_id)) { + const struct sockaddr_in *sin = &insntod(cmd, sa)->sa; + struct sockaddr_in6 *nh = (struct sockaddr_in6 *)*buf; + + *buf += sizeof(*nh); + if (cmd->opcode == O_FORWARD_IP && + sin->sin_addr.s_addr == INADDR_ANY) { + nh->sin6_family = AF_INET6; + nh->sin6_len = sizeof(*nh); + nh->sin6_addr = TARG_VAL(chain, tablearg, nh6); + nh->sin6_port = sin->sin_port; + nh->sin6_scope_id = + TARG_VAL(chain, tablearg, zoneid); + } else + memcpy(nh, &insntod(cmd, sa6)->sa, sizeof(*nh)); + return ((struct sockaddr *)nh); + } #endif default: break; @@ -661,7 +681,7 @@ ipfw_log_rtsock(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, /* handle tablearg */ info->rti_info[RTAX_GENMASK] = ipfw_rtsocklog_handle_tablearg( - chain, cmd, tablearg, targ_value, &buf); + chain, args, cmd, tablearg, targ_value, &buf); /* L3 */ ipfw_rtsocklog_fill_l3(args, &buf,