From 4af0f1ccbb26830d0a6b214076ae436bcd4cd6dd Mon Sep 17 00:00:00 2001
From: Junwei Zhou <13527627497@139.com>
Date: Mon, 15 Jun 2020 17:48:46 +0800
Subject: [PATCH] IPFW: supported IPv6.

---
 tools/ipfw/Makefile   |  4 ++++
 tools/ipfw/dummynet.c |  8 ++++----
 tools/ipfw/ipfw2.c    | 14 +++++++-------
 tools/ipfw/ipv6.c     | 12 +++++++-----
 tools/ipfw/main.c     |  8 ++++++++
 tools/ipfw/tables.c   | 22 +++++++++++-----------
 6 files changed, 41 insertions(+), 27 deletions(-)

diff --git a/tools/ipfw/Makefile b/tools/ipfw/Makefile
index 32183f62d..568f0dfd9 100644
--- a/tools/ipfw/Makefile
+++ b/tools/ipfw/Makefile
@@ -18,6 +18,10 @@ SRCS+=  altq.c
 CFLAGS+=-DPF
 endif
 
+ifneq (${MK_INET6_SUPPORT},"no")
+CFLAGS+= -DINET6
+endif
+
 LIBADD=	util
 MAN=	ipfw.8
 
diff --git a/tools/ipfw/dummynet.c b/tools/ipfw/dummynet.c
index 20c563ba0..1eaf94c81 100644
--- a/tools/ipfw/dummynet.c
+++ b/tools/ipfw/dummynet.c
@@ -404,9 +404,9 @@ print_mask(struct ipfw_flow_id *id)
 		printf("\n        mask: %sproto: 0x%02x, flow_id: 0x%08x,  ",
 		    id->extra ? "queue," : "",
 		    id->proto, id->flow_id6);
-		inet_ntop(AF_INET6, &(id->src_ip6), buf, sizeof(buf));
+		inet_ntop(AF_INET6_LINUX, &(id->src_ip6), buf, sizeof(buf));
 		printf("%s/0x%04x -> ", buf, id->src_port);
-		inet_ntop(AF_INET6, &(id->dst_ip6), buf, sizeof(buf));
+		inet_ntop(AF_INET6_LINUX, &(id->dst_ip6), buf, sizeof(buf));
 		printf("%s/0x%04x\n", buf, id->dst_port);
 	}
 }
@@ -455,10 +455,10 @@ list_flow(struct buf_pr *bp, struct dn_flow *ni)
 		else
 			bprintf(bp, "%9u ", id->proto);
 		bprintf(bp, "%7d  %39s/%-5d ", id->flow_id6,
-		    inet_ntop(AF_INET6, &(id->src_ip6), buff, sizeof(buff)),
+		    inet_ntop(AF_INET6_LINUX, &(id->src_ip6), buff, sizeof(buff)),
 		    id->src_port);
 		bprintf(bp, " %39s/%-5d ",
-		    inet_ntop(AF_INET6, &(id->dst_ip6), buff, sizeof(buff)),
+		    inet_ntop(AF_INET6_LINUX, &(id->dst_ip6), buff, sizeof(buff)),
 		    id->dst_port);
 	}
 	pr_u64(bp, &ni->tot_pkts, 4);
diff --git a/tools/ipfw/ipfw2.c b/tools/ipfw/ipfw2.c
index a50326862..5432e3763 100644
--- a/tools/ipfw/ipfw2.c
+++ b/tools/ipfw/ipfw2.c
@@ -2181,9 +2181,9 @@ show_dyn_state(struct cmdline_opts *co, struct format_opts *fo,
 		a.s_addr = htonl(d->id.dst_ip);
 		bprintf(bp, " <-> %s %d", inet_ntoa(a), d->id.dst_port);
 	} else if (d->id.addr_type == 6) {
-		bprintf(bp, " %s %d", inet_ntop(AF_INET6, &d->id.src_ip6, buf,
+		bprintf(bp, " %s %d", inet_ntop(AF_INET6_LINUX, &d->id.src_ip6, buf,
 		    sizeof(buf)), d->id.src_port);
-		bprintf(bp, " <-> %s %d", inet_ntop(AF_INET6, &d->id.dst_ip6,
+		bprintf(bp, " <-> %s %d", inet_ntop(AF_INET6_LINUX, &d->id.dst_ip6,
 		    buf, sizeof(buf)), d->id.dst_port);
 	} else
 		bprintf(bp, " UNKNOWN <-> UNKNOWN\n");
@@ -3559,11 +3559,11 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
 		host = av;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, host, &a) == 1)
+	    inet_pton(AF_INET6_LINUX, host, &a) == 1)
 		ret = add_srcip6(cmd, av, cblen);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
-	    inet_pton(AF_INET6, host, &a) != 1))
+	    inet_pton(AF_INET6_LINUX, host, &a) != 1))
 		ret = add_srcip(cmd, av, cblen, tstate);
 	if (ret == NULL && strcmp(av, "any") != 0)
 		ret = cmd;
@@ -3590,11 +3590,11 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
 		host = av;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, host, &a) == 1)
+	    inet_pton(AF_INET6_LINUX, host, &a) == 1)
 		ret = add_dstip6(cmd, av, cblen);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
-	    inet_pton(AF_INET6, host, &a) != 1))
+	    inet_pton(AF_INET6_LINUX, host, &a) != 1))
 		ret = add_dstip(cmd, av, cblen, tstate);
 	if (ret == NULL && strcmp(av, "any") != 0)
 		ret = cmd;
@@ -3884,7 +3884,7 @@ chkarg:
 			CHECK_ACTLEN;
 
 			p->sa.sin6_len = sizeof(struct sockaddr_in6);
-			p->sa.sin6_family = AF_INET6;
+			p->sa.sin6_family = AF_INET6_LINUX;
 			p->sa.sin6_port = port_number;
 			p->sa.sin6_flowinfo = 0;
 			p->sa.sin6_scope_id =
diff --git a/tools/ipfw/ipv6.c b/tools/ipfw/ipv6.c
index 6d884ee91..b3828cb77 100644
--- a/tools/ipfw/ipv6.c
+++ b/tools/ipfw/ipv6.c
@@ -42,6 +42,8 @@
 #include <netinet/ip_fw.h>
 #include <arpa/inet.h>
 
+#include "compat.h"
+
 #define	CHECK_LENGTH(v, len) do {			\
 	if ((v) < (len))				\
 		errx(EX_DATAERR, "Rule too long");	\
@@ -115,18 +117,18 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd, char const *s)
 	       128 : contigmask((uint8_t *)&(a[1]), 128);
 
 	   if (mb == 128 && co.do_resolv)
-	       he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
+	       he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6_LINUX);
 	   if (he != NULL)	     /* resolved to name */
 	       bprintf(bp, "%s", he->h_name);
 	   else if (mb == 0)	   /* any */
 	       bprintf(bp, "any");
 	   else {	  /* numeric IP followed by some kind of mask */
-	       if (inet_ntop(AF_INET6,  a, trad, sizeof( trad ) ) == NULL)
+	       if (inet_ntop(AF_INET6_LINUX,  a, trad, sizeof( trad ) ) == NULL)
 		   bprintf(bp, "Error ntop in print_ip6\n");
 	       bprintf(bp, "%s",  trad );
 	       if (mb < 0)     /* XXX not really legal... */
 		   bprintf(bp, ":%s",
-		       inet_ntop(AF_INET6, &a[1], trad, sizeof(trad)));
+		       inet_ntop(AF_INET6_LINUX, &a[1], trad, sizeof(trad)));
 	       else if (mb < 128)
 		   bprintf(bp, "/%d", mb);
 	   }
@@ -309,8 +311,8 @@ lookup_host6 (char *host, struct in6_addr *ip6addr)
 {
 	struct hostent *he;
 
-	if (!inet_pton(AF_INET6, host, ip6addr)) {
-		if ((he = gethostbyname2(host, AF_INET6)) == NULL)
+	if (!inet_pton(AF_INET6_LINUX, host, ip6addr)) {
+		if ((he = gethostbyname2(host, AF_INET6_LINUX)) == NULL)
 			return(-1);
 		memcpy(ip6addr, he->h_addr_list[0], sizeof( struct in6_addr));
 	}
diff --git a/tools/ipfw/main.c b/tools/ipfw/main.c
index b9fd4a878..e660b9b76 100644
--- a/tools/ipfw/main.c
+++ b/tools/ipfw/main.c
@@ -33,6 +33,8 @@
 
 #ifdef FSTACK
 #include <stdint.h>
+#include "compat.h"
+
 #include "ff_ipc.h"
 #endif
 
@@ -84,6 +86,9 @@ help(void)
 "	setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC |\n"
 "	tcpdatalen LIST | verrevpath | versrcreach | antispoof\n"
 );
+#ifdef FSTACK
+			ff_ipc_exit();
+#endif
 
 	exit(0);
 }
@@ -661,5 +666,8 @@ main(int ac, char *av[])
 			    "do \"ipfw -h\" or \"man ipfw\" for details");
 		}
 	}
+#ifdef FSTACK
+	ff_ipc_exit();
+#endif
 	return EX_OK;
 }
diff --git a/tools/ipfw/tables.c b/tools/ipfw/tables.c
index c09938267..945f73664 100644
--- a/tools/ipfw/tables.c
+++ b/tools/ipfw/tables.c
@@ -1145,7 +1145,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
 
 			masklen = p ? mask : 32;
 			af = AF_INET;
-		} else if (inet_pton(AF_INET6, arg, paddr) == 1) {
+		} else if (inet_pton(AF_INET6_LINUX, arg, paddr) == 1) {
 			if (IN6_IS_ADDR_V4COMPAT(paddr))
 				errx(EX_DATAERR,
 				    "Use IPv4 instead of v4-compatible");
@@ -1154,7 +1154,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
 				    p + 1);
 
 			masklen = p ? mask : 128;
-			af = AF_INET6;
+			af = AF_INET6_LINUX;
 		} else {
 			/* Assume FQDN */
 			if (lookup_host(arg, (struct in_addr *)paddr) != 0)
@@ -1198,11 +1198,11 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
 					    "Inconsistent address family\n");
 				af = AF_INET;
 				memcpy(&tfe->a.a4.sip, &tmp, 4);
-			} else if (inet_pton(AF_INET6, arg, &tmp) == 1) {
-				if (af != 0 && af != AF_INET6)
+			} else if (inet_pton(AF_INET6_LINUX, arg, &tmp) == 1) {
+				if (af != 0 && af != AF_INET6_LINUX)
 					errx(EX_DATAERR,
 					    "Inconsistent address family\n");
-				af = AF_INET6;
+				af = AF_INET6_LINUX;
 				memcpy(&tfe->a.a6.sip6, &tmp, 16);
 			}
 
@@ -1266,11 +1266,11 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
 					    "Inconsistent address family");
 				af = AF_INET;
 				memcpy(&tfe->a.a4.dip, &tmp, 4);
-			} else if (inet_pton(AF_INET6, arg, &tmp) == 1) {
-				if (af != 0 && af != AF_INET6)
+			} else if (inet_pton(AF_INET6_LINUX, arg, &tmp) == 1) {
+				if (af != 0 && af != AF_INET6_LINUX)
 					errx(EX_DATAERR,
 					    "Inconsistent address family");
-				af = AF_INET6;
+				af = AF_INET6_LINUX;
 				memcpy(&tfe->a.a6.dip6, &tmp, 16);
 			}
 
@@ -1329,7 +1329,7 @@ guess_key_type(char *key, uint8_t *ptype)
 			*p = '\0';
 
 		if ((inet_pton(AF_INET, key, &addr) == 1) ||
-		    (inet_pton(AF_INET6, key, &addr) == 1)) {
+		    (inet_pton(AF_INET6_LINUX, key, &addr) == 1)) {
 			*ptype = IPFW_TABLE_CIDR;
 			if (p != NULL)
 				*p = '/';
@@ -1559,7 +1559,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
 		case IPFW_VTYPE_NH6:
 			if (strchr(n, ':') != NULL) {
 				memset(&hints, 0, sizeof(hints));
-				hints.ai_family = AF_INET6;
+				hints.ai_family = AF_INET6_LINUX;
 				hints.ai_flags = AI_NUMERICHOST;
 				if (getaddrinfo(n, NULL, &hints, &res) == 0) {
 					v->nh6 = ((struct sockaddr_in6 *)
@@ -1776,7 +1776,7 @@ table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
 			l = snprintf(buf, sz, "%d,", v->dscp);
 			break;
 		case IPFW_VTYPE_NH6:
-			sa6.sin6_family = AF_INET6;
+			sa6.sin6_family = AF_INET6_LINUX;
 			sa6.sin6_len = sizeof(sa6);
 			sa6.sin6_addr = v->nh6;
 			sa6.sin6_port = 0;