--- fwsync/driver/fwsync.c	2022/08/26 13:33:43	1.12.2.1
+++ fwsync/driver/fwsync.c	2022/08/26 14:40:32	1.12.2.2
@@ -266,7 +266,39 @@ fwsync_get_cfg(struct ip_fw_chain *ch, ip_fw3_opheader
 int
 fwsync_list(struct ip_fw_chain *ch, ip_fw3_opheader *op3, struct sockopt_data *sd)
 {
+	ipfw_obj_header *oh;
+	struct ipfw_sync_cfg *ucfg;
+	size_t sz;
+
 	DTRACE();
+
+	sz = sizeof(*oh) + sizeof(*ucfg);
+	/* Check minimum header size */
+	if (sd->valsize < sz)
+		return (EINVAL);
+
+	oh = (struct _ipfw_obj_header*) ipfw_get_sopt_header(sd, sz);
+
+	/* Basic length checks for TLVs */
+	if (oh->ntlv.head.length != sizeof(oh->ntlv))
+		return (EINVAL);
+
+	ucfg = (struct ipfw_sync_cfg*) (oh + 1);
+
+	/* Check if name is properly terminated */
+	if (strnlen(ucfg->name, sizeof(ucfg->name)) == sizeof(ucfg->name))
+		return (EINVAL);
+
+	ucfg->mode = 0;
+	if (fws_cfg.cfg.edge)
+		ucfg->mode |= CFG_SYNC_EDGE;
+	if (fws_cfg.cfg.collector)
+		ucfg->mode |= CFG_SYNC_COLLECTOR;
+	ucfg->addrs = 2;
+	memcpy(ucfg->addr[0].ip6.sin6_addr.s6_addr, &fws_acct.states[0], sizeof(uint64_t));
+	memcpy(ucfg->addr[0].ip6.sin6_addr.s6_addr + 8, &fws_acct.states[1], sizeof(uint64_t));
+	memcpy(ucfg->addr[1].ip6.sin6_addr.s6_addr, &fws_acct.aliases[0], sizeof(uint64_t));
+	memcpy(ucfg->addr[1].ip6.sin6_addr.s6_addr + 8, &fws_acct.aliases[1], sizeof(uint64_t));
 
 	return 0;
 }