Date: Tue, 14 Feb 2012 22:06:09 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r231715 - in projects/multi-fibv6/9: contrib/netcat contrib/pf/pfctl etc/rc.d share/man/man4 sys/contrib/pf/net sys/fs/nfsclient sys/kern sys/net sys/netinet sys/netinet/ipfw sys/netine... Message-ID: <201202142206.q1EM69AI021318@svn.freebsd.org>
Author: bz Date: Tue Feb 14 22:06:08 2012 New Revision: 231715 URL: http://svn.freebsd.org/changeset/base/231715 Log: Initial backport of the multi-FIB IPv6 changes from HEAD. Sponsored by: Cisco Systems, Inc. Modified: projects/multi-fibv6/9/contrib/netcat/netcat.c projects/multi-fibv6/9/contrib/pf/pfctl/parse.y projects/multi-fibv6/9/etc/rc.d/routing projects/multi-fibv6/9/share/man/man4/faith.4 projects/multi-fibv6/9/sys/contrib/pf/net/pf.c projects/multi-fibv6/9/sys/contrib/pf/net/pf_ioctl.c projects/multi-fibv6/9/sys/contrib/pf/net/pf_lb.c projects/multi-fibv6/9/sys/contrib/pf/net/pf_norm.c projects/multi-fibv6/9/sys/contrib/pf/net/pfvar.h projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clport.c projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clvfsops.c projects/multi-fibv6/9/sys/kern/uipc_socket.c projects/multi-fibv6/9/sys/net/flowtable.c projects/multi-fibv6/9/sys/net/if_faith.c projects/multi-fibv6/9/sys/net/route.c projects/multi-fibv6/9/sys/net/route.h projects/multi-fibv6/9/sys/netinet/in.c projects/multi-fibv6/9/sys/netinet/ipfw/ip_fw2.c projects/multi-fibv6/9/sys/netinet/sctp_os_bsd.h projects/multi-fibv6/9/sys/netinet/tcp_subr.c projects/multi-fibv6/9/sys/netinet6/icmp6.c projects/multi-fibv6/9/sys/netinet6/in6.c projects/multi-fibv6/9/sys/netinet6/in6_gif.c projects/multi-fibv6/9/sys/netinet6/in6_ifattach.c projects/multi-fibv6/9/sys/netinet6/in6_mcast.c projects/multi-fibv6/9/sys/netinet6/in6_rmx.c projects/multi-fibv6/9/sys/netinet6/in6_src.c projects/multi-fibv6/9/sys/netinet6/in6_var.h projects/multi-fibv6/9/sys/netinet6/ip6_forward.c projects/multi-fibv6/9/sys/netinet6/ip6_input.c projects/multi-fibv6/9/sys/netinet6/ip6_output.c projects/multi-fibv6/9/sys/netinet6/ip6_var.h projects/multi-fibv6/9/sys/netinet6/nd6.c projects/multi-fibv6/9/sys/netinet6/nd6_nbr.c projects/multi-fibv6/9/sys/netinet6/nd6_rtr.c projects/multi-fibv6/9/sys/netinet6/raw_ip6.c projects/multi-fibv6/9/sys/netipsec/ipsec_output.c projects/multi-fibv6/9/sys/nfs/bootp_subr.c 
projects/multi-fibv6/9/sys/nfsclient/nfs_vfsops.c projects/multi-fibv6/9/usr.bin/netstat/route.c Modified: projects/multi-fibv6/9/contrib/netcat/netcat.c ============================================================================== --- projects/multi-fibv6/9/contrib/netcat/netcat.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/contrib/netcat/netcat.c Tue Feb 14 22:06:08 2012 (r231715) @@ -605,8 +605,10 @@ remote_connect(const char *host, const c #endif if (rtableid) { - if (setfib(rtableid) == -1) - err(1, "setfib"); + if (setsockopt(s, SOL_SOCKET, SO_SETFIB, &rtableid, + sizeof(rtableid)) == -1) + err(1, "setsockopt(.., SO_SETFIB, %u, ..)", + rtableid); } /* Bind to a local port or source address if specified. */ @@ -678,8 +680,11 @@ local_listen(char *host, char *port, str continue; if (rtableid) { - if (setfib(rtableid) == -1) - err(1, "setfib"); + ret = setsockopt(s, SOL_SOCKET, SO_SETFIB, &rtableid, + sizeof(rtableid)); + if (ret == -1) + err(1, "setsockopt(.., SO_SETFIB, %u, ..)", + rtableid); } ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); Modified: projects/multi-fibv6/9/contrib/pf/pfctl/parse.y ============================================================================== --- projects/multi-fibv6/9/contrib/pf/pfctl/parse.y Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/contrib/pf/pfctl/parse.y Tue Feb 14 22:06:08 2012 (r231715) @@ -33,6 +33,9 @@ __FBSDID("$FreeBSD$"); #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h> +#ifdef __FreeBSD__ +#include <sys/sysctl.h> +#endif #include <net/if.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -335,6 +338,7 @@ int expand_skip_interface(struct node_ int check_rulestate(int); int getservice(char *); int rule_label(struct pf_rule *, char *); +int rt_tableid_max(void); void mv_rules(struct pf_ruleset *, struct pf_ruleset *); void decide_address_family(struct node_host *, sa_family_t *); 
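Review bot: In netcat.c's remote_connect hunk the FIB is applied only under `if (rtableid)`, so a request for table 0 looks the same as no request, and a process that inherited a non-default FIB cannot be put back on table 0 through the per-socket `SO_SETFIB`; how rtableid is parsed is outside the hunk, so this holds only if 0 is also the "unset" value. If it is, a separate flag set by the option parser (for example `if (rtableid_set)`) would make the guard explicit. The local_listen hunk has the same guard but routes the call through `ret`, while remote_connect tests the call inline; one form in both places would read better. Both function bodies continue outside their hunks.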
@@ -1174,7 +1178,7 @@ scrub_opt : NODF { scrub_opts.randomid = 1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -1322,7 +1326,7 @@ antispoof_opt : label { antispoof_opts.label = $1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -2361,7 +2365,7 @@ filter_opt : USER uids { filter_opts.prob = 1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -4190,7 +4194,7 @@ tagged : /* empty */ { $$.neg = 0; $$. rtable : /* empty */ { $$ = -1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -6051,3 +6055,23 @@ pfctl_load_anchors(int dev, struct pfctl return (0); } + +int +rt_tableid_max(void) +{ +#ifdef __FreeBSD__ + int fibs; + size_t l = sizeof(fibs); + + if (sysctlbyname("net.fibs", &fibs, &l, NULL, 0) == -1) + fibs = 16; /* XXX RT_MAXFIBS, at least limit it some. */ + /* + * As the OpenBSD code only compares > and not >= we need to adjust + * here given we only accept values of 0..n and want to avoid #ifdefs + * in the grammer. + */ + return (fibs - 1); +#else + return (RT_TABLEID_MAX); +#endif +} Modified: projects/multi-fibv6/9/etc/rc.d/routing ============================================================================== --- projects/multi-fibv6/9/etc/rc.d/routing Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/etc/rc.d/routing Tue Feb 14 22:06:08 2012 (r231715) 
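Review bot: rt_tableid_max(), added in the last parse.y hunk (`@@ -6051,3 +6055,23 @@`), silently falls back to `fibs = 16` when the `net.fibs` sysctl cannot be read, so pfctl may accept rtable ids that the running kernel does not have and the kernel-side range check in pf_ioctl.c becomes the only one that holds. A diagnostic at that point would make the fallback visible, e.g. `warn("sysctl net.fibs, assuming 16 FIBs");`. The function is reached from four grammar rules and issues the sysctl on every call; keeping the result in a `static int` would avoid that. In the comment, "grammer" should read "grammar".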
@@ -137,12 +137,22 @@ static_inet() static_inet6() { - local _action i + local _action i fibs _action=$1 + # get the number of FIBs supported. + fibs=`sysctl -n net.fibs` + : ${fibs:=1} + # disallow "internal" addresses to appear on the wire - route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + i=0 + while test ${i} -lt ${fibs}; do + setfib -F ${i} route ${_action} \ + -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + setfib -F ${i} route ${_action} \ + -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + i=$((i + 1)) + done case ${ipv6_defaultrouter} in [Nn][Oo] | '') @@ -214,8 +224,14 @@ static_inet6() # for the host case, you will allow to omit the identifiers. # Under this configuration, the packets will go to the default # interface. - route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject - route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + i=0 + while test ${i} -lt ${fibs}; do + setfib -F ${i} route ${_action} \ + -inet6 fe80:: -prefixlen 10 ::1 -reject + setfib -F ${i} route ${_action} \ + -inet6 ff02:: -prefixlen 16 ::1 -reject + i=$((i + 1)) + done case ${ipv6_default_interface} in '') Modified: projects/multi-fibv6/9/share/man/man4/faith.4 ============================================================================== --- projects/multi-fibv6/9/share/man/man4/faith.4 Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/share/man/man4/faith.4 Tue Feb 14 22:06:08 2012 (r231715) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 10, 1999 +.Dd January 23, 2012 .Dt FAITH 4 .Os .Sh NAME 
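Review bot: In both static_inet6 hunks of etc/rc.d/routing the exit status of each `setfib -F ${i} route ...` call is discarded, so a FIB in which the command fails is left without the reject routes (::ffff:0.0.0.0/96 and ::0.0.0.0/96 in the first hunk, fe80::/10 and ff02::/16 in the second) and nothing is logged. For the add action, appending `|| warn "reject route not installed in FIB ${i}"` to each call would surface that. `fibs` is also used in `test ${i} -lt ${fibs}` without a check that the sysctl returned a number; the `: ${fibs:=1}` default only covers the empty case.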
@@ -58,7 +58,7 @@ variable in .Xr rc.conf 5 . .Pp Special action will be taken when IPv6 TCP traffic is seen on a router, -and the routing table suggests to route it to the +and the default routing table suggests to route it to the .Nm interface. In this case, the packet will be accepted by the router, Modified: projects/multi-fibv6/9/sys/contrib/pf/net/pf.c ============================================================================== --- projects/multi-fibv6/9/sys/contrib/pf/net/pf.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/contrib/pf/net/pf.c Tue Feb 14 22:06:08 2012 (r231715) @@ -320,7 +320,7 @@ u_int8_t pf_get_wscale(struct mbuf *, u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t, sa_family_t); u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t, - u_int16_t); + int, u_int16_t); void pf_set_rt_ifp(struct pf_state *, struct pf_addr *); int pf_check_proto_cksum(struct mbuf *, int, int, @@ -3137,7 +3137,7 @@ pf_get_mss(struct mbuf *m, int off, u_in } u_int16_t -pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer) +pf_calc_mss(struct pf_addr *addr, sa_family_t af, int rtableid, u_int16_t offer) { #ifdef INET struct sockaddr_in *dst; @@ -3166,11 +3166,7 @@ pf_calc_mss(struct pf_addr *addr, sa_fam dst->sin_len = sizeof(*dst); dst->sin_addr = addr->v4; #ifdef __FreeBSD__ -#ifdef RTF_PRCLONING - rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING)); -#else /* !RTF_PRCLONING */ - in_rtalloc_ign(&ro, 0, 0); -#endif + in_rtalloc_ign(&ro, 0, rtableid); #else /* ! __FreeBSD__ */ rtalloc_noclone(&ro, NO_CLONING); #endif 
@@ -3186,12 +3182,7 @@ pf_calc_mss(struct pf_addr *addr, sa_fam dst6->sin6_len = sizeof(*dst6); dst6->sin6_addr = addr->v6; #ifdef __FreeBSD__ -#ifdef RTF_PRCLONING - rtalloc_ign((struct route *)&ro6, - (RTF_CLONING | RTF_PRCLONING)); -#else /* !RTF_PRCLONING */ - rtalloc_ign((struct route *)&ro6, 0); -#endif + in6_rtalloc_ign(&ro6, 0, rtableid); #else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro6, NO_CLONING); #endif @@ -3532,14 +3523,14 @@ pf_test_rule(struct pf_rule **rm, struct else if (r->proto && r->proto != pd->proto) r = r->skip[PF_SKIP_PROTO].ptr; else if (PF_MISMATCHAW(&r->src.addr, saddr, af, - r->src.neg, kif)) + r->src.neg, kif, M_GETFIB(m))) r = r->skip[PF_SKIP_SRC_ADDR].ptr; /* tcp/udp only. port_op always 0 in other cases */ else if (r->src.port_op && !pf_match_port(r->src.port_op, r->src.port[0], r->src.port[1], sport)) r = r->skip[PF_SKIP_SRC_PORT].ptr; else if (PF_MISMATCHAW(&r->dst.addr, daddr, af, - r->dst.neg, NULL)) + r->dst.neg, NULL, M_GETFIB(m))) r = r->skip[PF_SKIP_DST_ADDR].ptr; /* tcp/udp only. port_op always 0 in other cases */ else if (r->dst.port_op && !pf_match_port(r->dst.port_op, @@ -3988,9 +3979,10 @@ pf_create_state(struct pf_rule *r, struc } s->src.seqhi = htonl(arc4random()); /* Find mss option */ + int rtid = M_GETFIB(m); mss = pf_get_mss(m, off, th->th_off, pd->af); - mss = pf_calc_mss(pd->src, pd->af, mss); - mss = pf_calc_mss(pd->dst, pd->af, mss); + mss = pf_calc_mss(pd->src, pd->af, rtid, mss); + mss = pf_calc_mss(pd->dst, pd->af, rtid, mss); s->src.mss = mss; #ifdef __FreeBSD__ pf_send_tcp(NULL, r, pd->af, pd->dst, pd->src, th->th_dport, 
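Review bot: `int rtid = M_GETFIB(m);` in the pf_create_state hunk is declared in the middle of executable statements, which FreeBSD's style(9) discourages for kernel code and which differs from every other site in this commit. Either move the declaration to the top of the enclosing block (which starts outside this hunk) or drop the local and pass the value directly, as the pf_test_rule hunk on the same file does: `mss = pf_calc_mss(pd->src, pd->af, M_GETFIB(m), mss);`. The two calls would then need no extra variable at all.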
@@ -4072,10 +4064,10 @@ pf_test_fragment(struct pf_rule **rm, in else if (r->proto && r->proto != pd->proto) r = r->skip[PF_SKIP_PROTO].ptr; else if (PF_MISMATCHAW(&r->src.addr, pd->src, af, - r->src.neg, kif)) + r->src.neg, kif, M_GETFIB(m))) r = r->skip[PF_SKIP_SRC_ADDR].ptr; else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af, - r->dst.neg, NULL)) + r->dst.neg, NULL, M_GETFIB(m))) r = r->skip[PF_SKIP_DST_ADDR].ptr; else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); @@ -5677,7 +5669,8 @@ pf_pull_hdr(struct mbuf *m, int off, voi } int -pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif) +pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif, + int rtableid) { #ifdef __FreeBSD__ #ifdef RADIX_MPATH @@ -5751,13 +5744,21 @@ pf_routable(struct pf_addr *addr, sa_fam goto out; #ifdef __FreeBSD__ -/* XXX MRT not always INET */ /* stick with table 0 though */ + switch (af) { +#ifdef INET6 + case AF_INET6: + in6_rtalloc_ign(&ro, 0, rtableid); + break; +#endif #ifdef INET - if (af == AF_INET) - in_rtalloc_ign((struct route *)&ro, 0, 0); - else + case AF_INET: + in_rtalloc_ign((struct route *)&ro, 0, rtableid); + break; #endif - rtalloc_ign((struct route *)&ro, 0); + default: + rtalloc_ign((struct route *)&ro, 0); /* No/default FIB. */ + break; + } #else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro, NO_CLONING); #endif @@ -5803,7 +5804,8 @@ out: } int -pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw) +pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw, + int rtableid) { struct sockaddr_in *dst; #ifdef INET6 
@@ -5835,16 +5837,21 @@ pf_rtlabel_match(struct pf_addr *addr, s } #ifdef __FreeBSD__ -# ifdef RTF_PRCLONING - rtalloc_ign((struct route *)&ro, (RTF_CLONING|RTF_PRCLONING)); -# else /* !RTF_PRCLONING */ + switch (af) { +#ifdef INET6 + case AF_INET6: + in6_rtalloc_ign(&ro, 0, rtableid); + break; +#endif #ifdef INET - if (af == AF_INET) - in_rtalloc_ign((struct route *)&ro, 0, 0); - else + case AF_INET: + in_rtalloc_ign((struct route *)&ro, 0, rtableid); + break; #endif + default: rtalloc_ign((struct route *)&ro, 0); -# endif + break; + } #else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro, NO_CLONING); #endif @@ -5927,7 +5934,7 @@ pf_route(struct mbuf **m, struct pf_rule if (r->rt == PF_FASTROUTE) { #ifdef __FreeBSD__ - in_rtalloc(ro, 0); + in_rtalloc_ign(ro, 0, M_GETFIB(m0)); #else rtalloc(ro); #endif @@ -6893,7 +6900,7 @@ done: ("pf: dropping packet with ip options\n")); } - if ((s && s->tag) || r->rtableid) + if ((s && s->tag) || r->rtableid >= 0) #ifdef __FreeBSD__ pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag); #else @@ -7437,7 +7444,7 @@ done: ("pf: dropping packet with dangerous v6 headers\n")); } - if ((s && s->tag) || r->rtableid) + if ((s && s->tag) || r->rtableid >= 0) #ifdef __FreeBSD__ pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag); #else Modified: projects/multi-fibv6/9/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- projects/multi-fibv6/9/sys/contrib/pf/net/pf_ioctl.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/contrib/pf/net/pf_ioctl.c Tue Feb 14 22:06:08 2012 (r231715) @@ -1754,7 +1754,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a } #ifdef __FreeBSD__ /* ROUTING */ - if (rule->rtableid > 0 && rule->rtableid > rt_numfibs) + if (rule->rtableid > 0 && rule->rtableid >= rt_numfibs) #else if (rule->rtableid > 0 && !rtable_exists(rule->rtableid)) #endif 
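Review bot: With `r->rtableid >= 0` in the two `done:` hunks of pf.c, a rule whose rtableid is 0 now re-tags every matching packet to FIB 0, where the old truth test skipped 0 and fired on -1. That suits rules built by pfctl, whose grammar yields -1 when no rtable is given, but a rule submitted through the ioctl with a zero-filled structure would now move packets out of a non-default FIB, and the pf_ioctl.c hunks only reject values that are too large. A comment at both sites stating the convention would help, e.g. `/* rtableid: -1 = leave FIB unchanged, 0..rt_numfibs-1 = set FIB */`, and an ioctl-side check may be worth considering. pf_tag_packet's body is not part of the diff, so its handling of -1 could not be confirmed.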
@@ -2035,7 +2035,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a if (newrule->rtableid > 0 && #ifdef __FreeBSD__ /* ROUTING */ - newrule->rtableid > rt_numfibs) + newrule->rtableid >= rt_numfibs) #else !rtable_exists(newrule->rtableid)) #endif Modified: projects/multi-fibv6/9/sys/contrib/pf/net/pf_lb.c ============================================================================== --- projects/multi-fibv6/9/sys/contrib/pf/net/pf_lb.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/contrib/pf/net/pf_lb.c Tue Feb 14 22:06:08 2012 (r231715) @@ -261,7 +261,7 @@ pf_match_translation(struct pf_pdesc *pd else if (r->proto && r->proto != pd->proto) r = r->skip[PF_SKIP_PROTO].ptr; else if (PF_MISMATCHAW(&src->addr, saddr, pd->af, - src->neg, kif)) + src->neg, kif, M_GETFIB(m))) r = r->skip[src == &r->src ? PF_SKIP_SRC_ADDR : PF_SKIP_DST_ADDR].ptr; else if (src->port_op && !pf_match_port(src->port_op, @@ -269,10 +269,11 @@ pf_match_translation(struct pf_pdesc *pd r = r->skip[src == &r->src ? PF_SKIP_SRC_PORT : PF_SKIP_DST_PORT].ptr; else if (dst != NULL && - PF_MISMATCHAW(&dst->addr, daddr, pd->af, dst->neg, NULL)) + PF_MISMATCHAW(&dst->addr, daddr, pd->af, dst->neg, NULL, + M_GETFIB(m))) r = r->skip[PF_SKIP_DST_ADDR].ptr; else if (xdst != NULL && PF_MISMATCHAW(xdst, daddr, pd->af, - 0, NULL)) + 0, NULL, M_GETFIB(m))) r = TAILQ_NEXT(r, entries); else if (dst != NULL && dst->port_op && !pf_match_port(dst->port_op, dst->port[0], Modified: projects/multi-fibv6/9/sys/contrib/pf/net/pf_norm.c ============================================================================== --- projects/multi-fibv6/9/sys/contrib/pf/net/pf_norm.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/contrib/pf/net/pf_norm.c Tue Feb 14 22:06:08 2012 (r231715) 
@@ -1163,11 +1163,11 @@ pf_normalize_ip(struct mbuf **m0, int di r = r->skip[PF_SKIP_PROTO].ptr; else if (PF_MISMATCHAW(&r->src.addr, (struct pf_addr *)&h->ip_src.s_addr, AF_INET, - r->src.neg, kif)) + r->src.neg, kif, M_GETFIB(m))) r = r->skip[PF_SKIP_SRC_ADDR].ptr; else if (PF_MISMATCHAW(&r->dst.addr, (struct pf_addr *)&h->ip_dst.s_addr, AF_INET, - r->dst.neg, NULL)) + r->dst.neg, NULL, M_GETFIB(m))) r = r->skip[PF_SKIP_DST_ADDR].ptr; #ifdef __FreeBSD__ else if (r->match_tag && !pf_match_tag(m, r, &tag, pd->pf_mtag)) @@ -1428,11 +1428,11 @@ pf_normalize_ip6(struct mbuf **m0, int d #endif else if (PF_MISMATCHAW(&r->src.addr, (struct pf_addr *)&h->ip6_src, AF_INET6, - r->src.neg, kif)) + r->src.neg, kif, M_GETFIB(m))) r = r->skip[PF_SKIP_SRC_ADDR].ptr; else if (PF_MISMATCHAW(&r->dst.addr, (struct pf_addr *)&h->ip6_dst, AF_INET6, - r->dst.neg, NULL)) + r->dst.neg, NULL, M_GETFIB(m))) r = r->skip[PF_SKIP_DST_ADDR].ptr; else break; @@ -1593,13 +1593,13 @@ pf_normalize_tcp(int dir, struct pfi_kif else if (r->proto && r->proto != pd->proto) r = r->skip[PF_SKIP_PROTO].ptr; else if (PF_MISMATCHAW(&r->src.addr, pd->src, af, - r->src.neg, kif)) + r->src.neg, kif, M_GETFIB(m))) r = r->skip[PF_SKIP_SRC_ADDR].ptr; else if (r->src.port_op && !pf_match_port(r->src.port_op, r->src.port[0], r->src.port[1], th->th_sport)) r = r->skip[PF_SKIP_SRC_PORT].ptr; else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af, - r->dst.neg, NULL)) + r->dst.neg, NULL, M_GETFIB(m))) r = r->skip[PF_SKIP_DST_ADDR].ptr; else if (r->dst.port_op && !pf_match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], th->th_dport)) Modified: projects/multi-fibv6/9/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/multi-fibv6/9/sys/contrib/pf/net/pfvar.h Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/contrib/pf/net/pfvar.h Tue Feb 14 22:06:08 2012 (r231715) 
@@ -402,14 +402,18 @@ extern struct mtx pf_task_mtx; #endif /* PF_INET6_ONLY */ #endif /* PF_INET_INET6 */ -#define PF_MISMATCHAW(aw, x, af, neg, ifp) \ +/* + * XXX callers not FIB-aware in our version of pf yet. + * OpenBSD fixed it later it seems, 2010/05/07 13:33:16 claudio. + */ +#define PF_MISMATCHAW(aw, x, af, neg, ifp, rtid) \ ( \ (((aw)->type == PF_ADDR_NOROUTE && \ - pf_routable((x), (af), NULL)) || \ + pf_routable((x), (af), NULL, (rtid))) || \ (((aw)->type == PF_ADDR_URPFFAILED && (ifp) != NULL && \ - pf_routable((x), (af), (ifp))) || \ + pf_routable((x), (af), (ifp), (rtid))) || \ ((aw)->type == PF_ADDR_RTLABEL && \ - !pf_rtlabel_match((x), (af), (aw))) || \ + !pf_rtlabel_match((x), (af), (aw), (rtid))) || \ ((aw)->type == PF_ADDR_TABLE && \ !pfr_match_addr((aw)->p.tbl, (x), (af))) || \ ((aw)->type == PF_ADDR_DYNIFTL && \ @@ -1977,8 +1981,10 @@ int pf_normalize_tcp_stateful(struct mbu u_int32_t pf_state_expires(const struct pf_state *); void pf_purge_expired_fragments(void); -int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *); -int pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *); +int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *, + int); +int pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *, + int); #ifdef __FreeBSD__ int pf_socket_lookup(int, struct pf_pdesc *, struct inpcb *); #else Modified: projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clport.c ============================================================================== --- projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clport.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clport.c Tue Feb 14 22:06:08 2012 (r231715) 
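Review bot: The new comment above PF_MISMATCHAW says callers are not FIB-aware, yet every caller touched in this commit passes `M_GETFIB(m)`, so it is unclear what is still missing. What a reader needs to know is that the no-route, urpf-failed and route-label tests run in the FIB the mbuf carries when the rule is examined, not in the table a matching rule's `rtable` would select; if that is the intended meaning, state it, e.g. `/* rtid: FIB of the packet being tested (M_GETFIB), not the rule's rtableid. */`. The pf_routable and pf_rtlabel_match prototypes in the second hunk would also read better with the new parameter named (`int rtableid`).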
@@ -976,7 +976,8 @@ nfscl_getmyip(struct nfsmount *nmp, int sad.sin_len = sizeof (struct sockaddr_in); sad.sin_addr.s_addr = sin->sin_addr.s_addr; CURVNET_SET(CRED_TO_VNET(nmp->nm_sockreq.nr_cred)); - rt = rtalloc1((struct sockaddr *)&sad, 0, 0UL); + rt = rtalloc1_fib((struct sockaddr *)&sad, 0, 0UL, + curthread->td_proc->p_fibnum); if (rt != NULL) { if (rt->rt_ifp != NULL && rt->rt_ifa != NULL && @@ -1001,7 +1002,8 @@ nfscl_getmyip(struct nfsmount *nmp, int sad6.sin6_len = sizeof (struct sockaddr_in6); sad6.sin6_addr = sin6->sin6_addr; CURVNET_SET(CRED_TO_VNET(nmp->nm_sockreq.nr_cred)); - rt = rtalloc1((struct sockaddr *)&sad6, 0, 0UL); + rt = rtalloc1_fib((struct sockaddr *)&sad6, 0, 0UL, + curthread->td_proc->p_fibnum); if (rt != NULL) { if (rt->rt_ifp != NULL && rt->rt_ifa != NULL && Modified: projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clvfsops.c ============================================================================== --- projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clvfsops.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/fs/nfsclient/nfs_clvfsops.c Tue Feb 14 22:06:08 2012 (r231715) @@ -459,10 +459,10 @@ nfs_mountroot(struct mount *mp) sin.sin_len = sizeof(sin); /* XXX MRT use table 0 for this sort of thing */ CURVNET_SET(TD_TO_VNET(td)); - error = rtrequest(RTM_ADD, (struct sockaddr *)&sin, + error = rtrequest_fib(RTM_ADD, (struct sockaddr *)&sin, (struct sockaddr *)&nd->mygateway, (struct sockaddr *)&mask, - RTF_UP | RTF_GATEWAY, NULL); + RTF_UP | RTF_GATEWAY, NULL, RT_DEFAULT_FIB); CURVNET_RESTORE(); if (error) panic("nfs_mountroot: RTM_ADD: %d", error); Modified: projects/multi-fibv6/9/sys/kern/uipc_socket.c ============================================================================== --- projects/multi-fibv6/9/sys/kern/uipc_socket.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/kern/uipc_socket.c Tue Feb 14 22:06:08 2012 (r231715) 
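Review bot: Both lookups in nfscl_getmyip now use `curthread->td_proc->p_fibnum`, which is the FIB of whichever thread calls the function rather than a property of the mount; the route.c part of this commit adds an XXX noting that taking the FIB from curthread will not always work. If nfscl_getmyip can run from a kernel or daemon thread (not visible in the hunk), the local address may be picked from a different routing table than the one the mount's socket uses. Recording the FIB once at mount time and using that value here would remove the dependency; at minimum a comment such as `/* XXX FIB of the calling thread, may differ from the mount's */` would flag it. The function body continues outside both hunks.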
@@ -392,6 +392,7 @@ socreate(int dom, struct socket **aso, i so->so_type = type; so->so_cred = crhold(cred); if ((prp->pr_domain->dom_family == PF_INET) || + (prp->pr_domain->dom_family == PF_INET6) || (prp->pr_domain->dom_family == PF_ROUTE)) so->so_fibnum = td->td_proc->p_fibnum; else @@ -2498,12 +2499,13 @@ sosetopt(struct socket *so, struct socko case SO_SETFIB: error = sooptcopyin(sopt, &optval, sizeof optval, sizeof optval); - if (optval < 0 || optval > rt_numfibs) { + if (optval < 0 || optval >= rt_numfibs) { error = EINVAL; goto bad; } if (so->so_proto != NULL && ((so->so_proto->pr_domain->dom_family == PF_INET) || + (so->so_proto->pr_domain->dom_family == PF_INET6) || (so->so_proto->pr_domain->dom_family == PF_ROUTE))) { so->so_fibnum = optval; /* Note: ignore error */ Modified: projects/multi-fibv6/9/sys/net/flowtable.c ============================================================================== --- projects/multi-fibv6/9/sys/net/flowtable.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/net/flowtable.c Tue Feb 14 22:06:08 2012 (r231715) @@ -373,7 +373,7 @@ SYSCTL_VNET_PROC(_net_inet_flowtable, OI #ifndef RADIX_MPATH static void -in_rtalloc_ign_wrapper(struct route *ro, uint32_t hash, u_int fibnum) +rtalloc_ign_wrapper(struct route *ro, uint32_t hash, u_int fibnum) { rtalloc_ign_fib(ro, 0, fibnum); @@ -1312,7 +1312,7 @@ flowtable_alloc(char *name, int nentry, #ifdef RADIX_MPATH ft->ft_rtalloc = rtalloc_mpath_fib; #else - ft->ft_rtalloc = in_rtalloc_ign_wrapper; + ft->ft_rtalloc = rtalloc_ign_wrapper; #endif if (flags & FL_PCPU) { ft->ft_lock = flowtable_pcpu_lock; Modified: projects/multi-fibv6/9/sys/net/if_faith.c ============================================================================== --- projects/multi-fibv6/9/sys/net/if_faith.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/net/if_faith.c Tue Feb 14 22:06:08 2012 (r231715) 
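Review bot: In the sosetopt hunk the result of `sooptcopyin()` is stored in `error` but not tested before `optval` is range-checked and, a few lines on, written to `so->so_fibnum`; if the copy-in fails, the decision is made on whatever optval held before the call. Adding `if (error != 0) goto bad;` directly after the sooptcopyin() call closes that. The comparison itself is sound: `optval < 0` is evaluated first, so a negative value never reaches the comparison against the unsigned rt_numfibs. The SO_SETFIB case continues outside the hunk.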
@@ -338,7 +338,7 @@ faithprefix(in6) sin6.sin6_family = AF_INET6; sin6.sin6_len = sizeof(struct sockaddr_in6); sin6.sin6_addr = *in6; - rt = rtalloc1((struct sockaddr *)&sin6, 0, 0UL); + rt = in6_rtalloc1((struct sockaddr *)&sin6, 0, 0UL, RT_DEFAULT_FIB); if (rt && rt->rt_ifp && rt->rt_ifp->if_type == IFT_FAITH && (rt->rt_ifp->if_flags & IFF_UP) != 0) ret = 1; Modified: projects/multi-fibv6/9/sys/net/route.c ============================================================================== --- projects/multi-fibv6/9/sys/net/route.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/net/route.c Tue Feb 14 22:06:08 2012 (r231715) @@ -35,6 +35,7 @@ ***********************************************************************/ #include "opt_inet.h" +#include "opt_inet6.h" #include "opt_route.h" #include "opt_mrouting.h" #include "opt_mpath.h" @@ -72,7 +73,11 @@ SYSCTL_UINT(_net, OID_AUTO, fibs, CTLFLA /* * Allow the boot code to allow LESS than RT_MAXFIBS to be used. * We can't do more because storage is statically allocated for now. - * (for compatibility reasons.. this will change). + * (for compatibility reasons.. this will change. When this changes, code should + * be refactored to protocol independent parts and protocol dependent parts, + * probably hanging of domain(9) specific storage to not need the full + * fib * af RNH allocation etc. but allow tuning the number of tables per + * address family). */ TUNABLE_INT("net.fibs", &rt_numfibs); @@ -82,6 +87,9 @@ TUNABLE_INT("net.fibs", &rt_numfibs); * changes for the FIB of the caller when adding a new set of addresses * to an interface. XXX this is a shotgun aproach to a problem that needs * a more fine grained solution.. that will come. + * XXX also has the problems getting the FIB from curthread which will not + * always work given the fib can be overridden and prefixes can be added + * from the network stack context. */ u_int rt_add_addr_allfibs = 1; SYSCTL_UINT(_net, OID_AUTO, add_addr_allfibs, CTLFLAG_RW, 
@@ -196,27 +204,23 @@ vnet_route_init(const void *unused __unu V_rtzone = uma_zcreate("rtentry", sizeof(struct rtentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); for (dom = domains; dom; dom = dom->dom_next) { - if (dom->dom_rtattach) { - for (table = 0; table < rt_numfibs; table++) { - if ( (fam = dom->dom_family) == AF_INET || - table == 0) { - /* for now only AF_INET has > 1 table */ - /* XXX MRT - * rtattach will be also called - * from vfs_export.c but the - * offset will be 0 - * (only for AF_INET and AF_INET6 - * which don't need it anyhow) - */ - rnh = rt_tables_get_rnh_ptr(table, fam); - if (rnh == NULL) - panic("%s: rnh NULL", __func__); - dom->dom_rtattach((void **)rnh, - dom->dom_rtoffset); - } else { - break; - } - } + if (dom->dom_rtattach == NULL) + continue; + + for (table = 0; table < rt_numfibs; table++) { + fam = dom->dom_family; + if (table != 0 && fam != AF_INET6 && fam != AF_INET) + break; + + /* + * XXX MRT rtattach will be also called from + * vfs_export.c but the offset will be 0 (only for + * AF_INET and AF_INET6 which don't need it anyhow). + */ + rnh = rt_tables_get_rnh_ptr(table, fam); + if (rnh == NULL) + panic("%s: rnh NULL", __func__); + dom->dom_rtattach((void **)rnh, dom->dom_rtoffset); } } } 
@@ -233,20 +237,19 @@ vnet_route_uninit(const void *unused __u struct radix_node_head **rnh; for (dom = domains; dom; dom = dom->dom_next) { - if (dom->dom_rtdetach) { - for (table = 0; table < rt_numfibs; table++) { - if ( (fam = dom->dom_family) == AF_INET || - table == 0) { - /* For now only AF_INET has > 1 tbl. */ - rnh = rt_tables_get_rnh_ptr(table, fam); - if (rnh == NULL) - panic("%s: rnh NULL", __func__); - dom->dom_rtdetach((void **)rnh, - dom->dom_rtoffset); - } else { - break; - } - } + if (dom->dom_rtdetach == NULL) + continue; + + for (table = 0; table < rt_numfibs; table++) { + fam = dom->dom_family; + + if (table != 0 && fam != AF_INET6 && fam != AF_INET) + break; + + rnh = rt_tables_get_rnh_ptr(table, fam); + if (rnh == NULL) + panic("%s: rnh NULL", __func__); + dom->dom_rtdetach((void **)rnh, dom->dom_rtoffset); } } } @@ -274,7 +277,8 @@ sys_setfib(struct thread *td, struct set void rtalloc(struct route *ro) { - rtalloc_ign_fib(ro, 0UL, 0); + + rtalloc_ign_fib(ro, 0UL, RT_DEFAULT_FIB); } void @@ -294,7 +298,7 @@ rtalloc_ign(struct route *ro, u_long ign RTFREE(rt); ro->ro_rt = NULL; } - ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, ignore, 0); + ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, ignore, RT_DEFAULT_FIB); if (ro->ro_rt) RT_UNLOCK(ro->ro_rt); } @@ -324,7 +328,8 @@ rtalloc_ign_fib(struct route *ro, u_long struct rtentry * rtalloc1(struct sockaddr *dst, int report, u_long ignflags) { - return (rtalloc1_fib(dst, report, ignflags, 0)); + + return (rtalloc1_fib(dst, report, ignflags, RT_DEFAULT_FIB)); } struct rtentry * 
@@ -339,8 +344,15 @@ rtalloc1_fib(struct sockaddr *dst, int r int needlock; KASSERT((fibnum < rt_numfibs), ("rtalloc1_fib: bad fibnum")); - if (dst->sa_family != AF_INET) /* Only INET supports > 1 fib now */ - fibnum = 0; + switch (dst->sa_family) { + case AF_INET6: + case AF_INET: + /* We support multiple FIBs. */ + break; + default: + fibnum = RT_DEFAULT_FIB; + break; + } rnh = rt_tables_get_rnh(fibnum, dst->sa_family); newrt = NULL; if (rnh == NULL) @@ -486,7 +498,8 @@ rtredirect(struct sockaddr *dst, int flags, struct sockaddr *src) { - rtredirect_fib(dst, gateway, netmask, flags, src, 0); + + rtredirect_fib(dst, gateway, netmask, flags, src, RT_DEFAULT_FIB); } void @@ -617,7 +630,8 @@ out: int rtioctl(u_long req, caddr_t data) { - return (rtioctl_fib(req, data, 0)); + + return (rtioctl_fib(req, data, RT_DEFAULT_FIB)); } /* @@ -647,7 +661,8 @@ rtioctl_fib(u_long req, caddr_t data, u_ struct ifaddr * ifa_ifwithroute(int flags, struct sockaddr *dst, struct sockaddr *gateway) { - return (ifa_ifwithroute_fib(flags, dst, gateway, 0)); + + return (ifa_ifwithroute_fib(flags, dst, gateway, RT_DEFAULT_FIB)); } struct ifaddr * @@ -732,7 +747,9 @@ rtrequest(int req, int flags, struct rtentry **ret_nrt) { - return (rtrequest_fib(req, dst, gateway, netmask, flags, ret_nrt, 0)); + + return (rtrequest_fib(req, dst, gateway, netmask, flags, ret_nrt, + RT_DEFAULT_FIB)); } int @@ -771,7 +788,8 @@ rtrequest_fib(int req, int rt_getifa(struct rt_addrinfo *info) { - return (rt_getifa_fib(info, 0)); + + return (rt_getifa_fib(info, RT_DEFAULT_FIB)); } /* 
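Review bot: After this change the only bound on `fibnum` ahead of `rt_tables_get_rnh(fibnum, dst->sa_family)` in rtalloc1_fib is the KASSERT, which is compiled out of kernels built without INVARIANTS. Until now every AF_INET6 lookup was forced to table 0, so an out-of-range value arriving on an IPv6 path was harmless; with the clamp removed it reaches the table lookup unchanged, and whether rt_tables_get_rnh checks the range itself is not visible here. A runtime check that fails the lookup would be safer than the assertion alone, e.g. `if (fibnum >= rt_numfibs) return (NULL);` before the switch. The same pattern is in the rtrequest1_fib hunk (`@@ -1029,8 +1047,16 @@`) and, for the explicit-FIB path, in rtinit1.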
@@ -1029,8 +1047,16 @@ rtrequest1_fib(int req, struct rt_addrin #define senderr(x) { error = x ; goto bad; } KASSERT((fibnum < rt_numfibs), ("rtrequest1_fib: bad fibnum")); - if (dst->sa_family != AF_INET) /* Only INET supports > 1 fib now */ - fibnum = 0; + switch (dst->sa_family) { + case AF_INET6: + case AF_INET: + /* We support multiple FIBs. */ + break; + default: + fibnum = RT_DEFAULT_FIB; + break; + } + /* * Find the correct routing tree to use for this Address Family */ @@ -1136,8 +1162,7 @@ rtrequest1_fib(int req, struct rt_addrin rt->rt_flags = RTF_UP | flags; rt->rt_fibnum = fibnum; /* - * Add the gateway. Possibly re-malloc-ing the storage for it - * + * Add the gateway. Possibly re-malloc-ing the storage for it. */ RT_LOCK(rt); if ((error = rt_setgate(rt, dst, gateway)) != 0) { @@ -1186,12 +1211,15 @@ rtrequest1_fib(int req, struct rt_addrin #ifdef FLOWTABLE rt0 = NULL; - /* XXX - * "flow-table" only support IPv4 at the moment. - * XXX-BZ as of r205066 it would support IPv6. - */ + /* "flow-table" only supports IPv6 and IPv4 at the moment. */ + switch (dst->sa_family) { +#ifdef INET6 + case AF_INET6: +#endif #ifdef INET - if (dst->sa_family == AF_INET) { + case AF_INET: +#endif +#if defined(INET6) || defined(INET) rn = rnh->rnh_matchaddr(dst, rnh); if (rn && ((rn->rn_flags & RNF_ROOT) == 0)) { struct sockaddr *mask; @@ -1230,9 +1258,9 @@ rtrequest1_fib(int req, struct rt_addrin } } } +#endif/* INET6 || INET */ } -#endif -#endif +#endif /* FLOWTABLE */ /* XXX mtu manipulation will be done in rnh_addaddr -- itojun */ rn = rnh->rnh_addaddr(ndst, netmask, rnh, rt->rt_nodes); @@ -1254,9 +1282,18 @@ rtrequest1_fib(int req, struct rt_addrin } #ifdef FLOWTABLE else if (rt0 != NULL) { + switch (dst->sa_family) { +#ifdef INET6 + case AF_INET6: + flowtable_route_flush(V_ip6_ft, rt0); + break; +#endif #ifdef INET - flowtable_route_flush(V_ip_ft, rt0); + case AF_INET: + flowtable_route_flush(V_ip_ft, rt0); + break; #endif + } RTFREE(rt0); } #endif 
@@ -1388,8 +1425,17 @@ rtinit1(struct ifaddr *ifa, int cmd, int dst = ifa->ifa_addr; netmask = ifa->ifa_netmask; } - if ( dst->sa_family != AF_INET) - fibnum = 0; + if (dst->sa_len == 0) + return(EINVAL); + switch (dst->sa_family) { + case AF_INET6: + case AF_INET: + /* We support multiple FIBs. */ + break; + default: + fibnum = RT_DEFAULT_FIB; + break; + } if (fibnum == -1) { if (rt_add_addr_allfibs == 0 && cmd == (int)RTM_ADD) { startfib = endfib = curthread->td_proc->p_fibnum; @@ -1402,8 +1448,6 @@ rtinit1(struct ifaddr *ifa, int cmd, int startfib = fibnum; endfib = fibnum; } - if (dst->sa_len == 0) - return(EINVAL); /* * If it's a delete, check that if it exists, @@ -1427,9 +1471,7 @@ rtinit1(struct ifaddr *ifa, int cmd, int * Now go through all the requested tables (fibs) and do the * requested action. Realistically, this will either be fib 0 * for protocols that don't do multiple tables or all the - * tables for those that do. XXX For this version only AF_INET. - * When that changes code should be refactored to protocol - * independent parts and protocol dependent parts. + * tables for those that do. */ for ( fibnum = startfib; fibnum <= endfib; fibnum++) { if (cmd == RTM_DELETE) { @@ -1569,12 +1611,14 @@ rtinit1(struct ifaddr *ifa, int cmd, int return (error); } +#ifndef BURN_BRIDGES /* special one for inet internal use. may not use. */ int rtinit_fib(struct ifaddr *ifa, int cmd, int flags) { return (rtinit1(ifa, cmd, flags, -1)); } +#endif /* * Set up a routing table entry, normally @@ -1584,7 +1628,7 @@ int rtinit(struct ifaddr *ifa, int cmd, int flags) { struct sockaddr *dst; - int fib = 0; + int fib = RT_DEFAULT_FIB; if (flags & RTF_HOST) { dst = ifa->ifa_dstaddr; 
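Review bot: The address-family switch in the rtinit1 hunk is the third copy of the same test, so the list of families with per-FIB tables now lives in four places. The hunks for rtalloc1_fib at -339 and rtrequest1_fib at -1029 carry identical switches, and rtinit at -1592 has the inverse. A family added to one copy and missed in another would send lookups and insertions for the same destination to different tables. A single predicate used at all four sites keeps them in step; a sketch for the rtinit1 site follows, with a helper name that is mine, not the tree's. rtinit1 starts and ends outside this hunk.

```c
/* Sketch (helper name constructed): the one list of families with per-FIB tables. */
static __inline int
rt_af_has_fibs(sa_family_t af)
{

	return (af == AF_INET || af == AF_INET6);
}

	/* … unchanged: dst/netmask selection and the sa_len check … */
	if (!rt_af_has_fibs(dst->sa_family))
		fibnum = RT_DEFAULT_FIB;
	/* … unchanged: startfib/endfib selection and the per-FIB loop … */
```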
@@ -1592,7 +1636,12 @@ rtinit(struct ifaddr *ifa, int cmd, int dst = ifa->ifa_addr; } - if (dst->sa_family == AF_INET) + switch (dst->sa_family) { + case AF_INET6: + case AF_INET: + /* We do support multiple FIBs. */ fib = -1; + break; + } return (rtinit1(ifa, cmd, flags, fib)); } Modified: projects/multi-fibv6/9/sys/net/route.h ============================================================================== --- projects/multi-fibv6/9/sys/net/route.h Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/net/route.h Tue Feb 14 22:06:08 2012 (r231715) @@ -111,6 +111,7 @@ struct rt_metrics { #endif #endif +#define RT_DEFAULT_FIB 0 /* Explicitly mark fib=0 restricted cases */ extern u_int rt_numfibs; /* number fo usable routing tables */ /* * XXX kernel function pointer `rt_output' is visible to applications. @@ -405,8 +406,10 @@ void rtredirect(struct sockaddr *, stru int rtrequest(int, struct sockaddr *, struct sockaddr *, struct sockaddr *, int, struct rtentry **); +#ifndef BURN_BRIDGES /* defaults to "all" FIBs */ int rtinit_fib(struct ifaddr *, int, int); +#endif /* XXX MRT NEW VERSIONS THAT USE FIBs * For now the protocol indepedent versions are the same as the AF_INET ones Modified: projects/multi-fibv6/9/sys/netinet/in.c ============================================================================== --- projects/multi-fibv6/9/sys/netinet/in.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/netinet/in.c Tue Feb 14 22:06:08 2012 (r231715) 
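Review bot: `fib = -1;` in the rtinit hunk is still a bare magic value meaning "all FIBs", although the same commit adds `RT_DEFAULT_FIB` to route.h precisely to name the other special value. The literal also appears in `rtinit1(ifa, cmd, flags, -1)` in rtinit_fib at -1569 and in the `fibnum == -1` test in rtinit1. A second constant next to RT_DEFAULT_FIB, for example `#define RT_ALL_FIBS (-1) /* apply to every FIB */`, would make those three sites self-describing. It would also keep the sentinel from being mistaken for a table index, since `fib` is an `int` here while `rt_numfibs` is declared `u_int`. The rtinit body is only partly inside this hunk.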
@@ -938,7 +938,7 @@ in_ifinit(struct ifnet *ifp, struct in_i bzero(&ia_ro, sizeof(ia_ro)); *((struct sockaddr_in *)(&ia_ro.ro_dst)) = ia->ia_addr; - rtalloc_ign_fib(&ia_ro, 0, 0); + rtalloc_ign_fib(&ia_ro, 0, RT_DEFAULT_FIB); if ((ia_ro.ro_rt != NULL) && (ia_ro.ro_rt->rt_ifp != NULL) && (ia_ro.ro_rt->rt_ifp == V_loif)) { RT_LOCK(ia_ro.ro_rt); Modified: projects/multi-fibv6/9/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- projects/multi-fibv6/9/sys/netinet/ipfw/ip_fw2.c Tue Feb 14 21:48:46 2012 (r231714) +++ projects/multi-fibv6/9/sys/netinet/ipfw/ip_fw2.c Tue Feb 14 22:06:08 2012 (r231715) @@ -496,7 +496,7 @@ search_ip6_addr_net (struct in6_addr * i } static int -verify_path6(struct in6_addr *src, struct ifnet *ifp) +verify_path6(struct in6_addr *src, struct ifnet *ifp, u_int fib) { *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***