From 11a68e521e62abe385482e34f3a2b3d7eb765c34 Mon Sep 17 00:00:00 2001
From: Evgeniy Khramtsov
Date: Sun, 16 Jul 2023 18:32:34 +0000
Subject: [PATCH] nfq/darkmagic: unbreak IPv6 on FreeBSD 14
https://github.com/freebsd/freebsd-src/blob/4da7282a1882/sys/netinet/ip_divert.c#L321 allows only AF_INET in sa, causing runtime issue with IPv6: [...] rawsend: sendto_divert: Address family not supported by protocol family [...] After hardcoding AF_INET in sa, sin_len check returns EINVAL: [...] rawsend: sendto_divert: Invalid argument [...] FreeBSD's div_output_outbound() past check still handles AF_INET6, and --dpi-desync=fake,split works after hardcoding sa AF and len to get past the check.
---
 nfq/darkmagic.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nfq/darkmagic.c b/nfq/darkmagic.c
index 0d4f25a..1365eec 100644
--- a/nfq/darkmagic.c
+++ b/nfq/darkmagic.c
@@ -918,6 +918,10 @@ static int rawsend_sendto_divert(sa_family_t family, int sock, const void *buf,
 socklen_t slen;
 memset(&sa,0,sizeof(sa));
+#if __FreeBSD_version >= 1400066 && defined(PF_DIVERT)
+ sa.ss_family = AF_INET;
+ slen = sizeof(struct sockaddr_in);
+#else
 sa.ss_family = family;
 switch(family)
 {
@@ -930,6 +934,7 @@ static int rawsend_sendto_divert(sa_family_t family, int sock, const void *buf,
 default:
 return -1;
 }
+#endif
 return sendto(sock, buf, len, 0, (struct sockaddr*)&sa, slen);
 }
 #endif
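Review bot: The new `#if __FreeBSD_version >= 1400066 && defined(PF_DIVERT)` branch no longer validates `family`: the `default: return -1;` rejection now lives only in the `#else` arm, so on FreeBSD 14 any value reaches `sendto()`. Keeping a guard ahead of the hardcoded values, e.g. `if (family != AF_INET && family != AF_INET6) return -1;`, would preserve the old contract. `__FreeBSD_version` is defined by `<sys/param.h>`; the hunk does not show the file's includes, and if that header is not pulled in the macro evaluates to 0 and the `#else` path is compiled silently, so this is worth confirming. A short comment such as `/* FreeBSD 14 divert accepts only an AF_INET sockaddr, even for IPv6 packets */` would keep a later reader from "correcting" the hardcoded family. The function's signature and opening lines are outside the hunk.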