From f2a66f8e17f4ca355bf278ecc9055fc2d3d2b04b Mon Sep 17 00:00:00 2001
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Thu, 15 Sep 2011 12:28:17 +0000
Subject: [PATCH] Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be
 able build it with and without INET/INET6 support.

Submitted by:	Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
Tested by:	Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
Approved by:	re (bz)
MFC after:	2 weeks
---
 sys/modules/netgraph/ipfw/Makefile | 16 ++++++++-
 sys/netgraph/ng_ipfw.c             | 54 +++++++++++++++++++++++-------
 2 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/sys/modules/netgraph/ipfw/Makefile b/sys/modules/netgraph/ipfw/Makefile
index b40abcfbf57..cc3f0f24e2a 100644
--- a/sys/modules/netgraph/ipfw/Makefile
+++ b/sys/modules/netgraph/ipfw/Makefile
@@ -1,6 +1,20 @@
 # $FreeBSD$
 
+.include <bsd.own.mk>
+
 KMOD=	ng_ipfw
-SRCS= 	ng_ipfw.c
+SRCS= 	ng_ipfw.c opt_inet.h opt_inet6.h
+
+.if !defined(KERNBUILDDIR)
+
+.if ${MK_INET_SUPPORT} != "no"
+opt_inet.h:
+	echo "#define INET 1" > ${.TARGET}
+.endif
+.if ${MK_INET6_SUPPORT} != "no"
+opt_inet6.h:
+	echo "#define INET6 1" > ${.TARGET}
+.endif
+.endif
 
 .include <bsd.kmod.mk>
diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c
index 68bd89c09e8..4f1bc0ee94d 100644
--- a/sys/netgraph/ng_ipfw.c
+++ b/sys/netgraph/ng_ipfw.c
@@ -26,6 +26,9 @@
  * $FreeBSD$
  */
 
+#include "opt_inet.h"
+#include "opt_inet6.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
@@ -47,6 +50,8 @@
 #include <netinet/ip_fw.h>
 #include <netinet/ipfw/ip_fw_private.h>
 #include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet6/ip6_var.h>
 
 #include <netgraph/ng_message.h>
 #include <netgraph/ng_parse.h>
@@ -224,6 +229,7 @@ ng_ipfw_rcvdata(hook_p hook, item_p item)
 	struct m_tag *tag;
 	struct ipfw_rule_ref *r;
 	struct mbuf *m;
+	struct ip *ip;
 
 	NGI_GET_M(item, m);
 	NG_FREE_ITEM(item);
@@ -234,23 +240,47 @@ ng_ipfw_rcvdata(hook_p hook, item_p item)
 		return (EINVAL);	/* XXX: find smth better */
 	};
 
+	if (m->m_len < sizeof(struct ip) &&
+	    (m = m_pullup(m, sizeof(struct ip))) == NULL)
+		return (EINVAL);
+
+	ip = mtod(m, struct ip *);
+
 	r = (struct ipfw_rule_ref *)(tag + 1);
 	if (r->info & IPFW_INFO_IN) {
-		ip_input(m);
+		switch (ip->ip_v) {
+#ifdef INET
+		case IPVERSION:
+			ip_input(m);
+			break;
+#endif
+#ifdef INET6
+		case IPV6_VERSION >> 4:
+			ip6_input(m);
+			break;
+#endif
+		default:
+			NG_FREE_M(m);
+			return (EINVAL);
+		}
 		return (0);
 	} else {
-		struct ip *ip;
-
-		if (m->m_len < sizeof(struct ip) &&
-		    (m = m_pullup(m, sizeof(struct ip))) == NULL)
+		switch (ip->ip_v) {
+#ifdef INET
+		case IPVERSION:
+			SET_HOST_IPLEN(ip);
+			return (ip_output(m, NULL, NULL, IP_FORWARDING,
+			    NULL, NULL));
+#endif
+#ifdef INET6
+		case IPV6_VERSION >> 4:
+			return (ip6_output(m, NULL, NULL, 0, NULL,
+			    NULL, NULL));
+#endif
+		default:
 			return (EINVAL);
-
-		ip = mtod(m, struct ip *);
-
-		SET_HOST_IPLEN(ip);
-
-		return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
-	}	
+		}
+	}
 }
 
 static int