d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add code to allow the system to handle multiple routing tables.

Browse Source 
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)

Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.

From my notes:

-----

  One thing where FreeBSD has been falling behind, and which by chance I
  have some time to work on is "policy based routing", which allows
  different
  packet streams to be routed by more than just the destination address.

  Constraints:
  ------------

  I want to make some form of this available in the 6.x tree
  (and by extension 7.x) , but FreeBSD in general needs it so I might as
  well do it in -current and back port the portions I need.

  One of the ways that this can be done is to have the ability to
  instantiate multiple kernel routing tables (which I will now
  refer to as "Forwarding Information Bases" or "FIBs" for political
  correctness reasons). Which FIB a particular packet uses to make
  the next hop decision can be decided by a number of mechanisms.
  The policies these mechanisms implement are the "Policies" referred
  to in "Policy based routing".

  One of the constraints I have if I try to back port this work to
  6.x is that it must be implemented as a EXTENSION to the existing
  ABIs in 6.x so that third party applications do not need to be
  recompiled in timespan of the branch.

  This first version will not have some of the bells and whistles that
  will come with later versions. It will, for example, be limited to 16
  tables in the first commit.
  Implementation method, Compatible version. (part 1)
  -------------------------------
  For this reason I have implemented a "sufficient subset" of a
  multiple routing table solution in Perforce, and back-ported it
  to 6.x. (also in Perforce though not  always caught up with what I
  have done in -current/P4). The subset allows a number of FIBs
  to be defined at compile time (8 is sufficient for my purposes in 6.x)
  and implements the changes needed to allow IPV4 to use them. I have not
  done the changes for ipv6 simply because I do not need it, and I do not
  have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.

  Other protocol families are left untouched and should there be
  users with proprietary protocol families, they should continue to work
  and be oblivious to the existence of the extra FIBs.

  To understand how this is done, one must know that the current FIB
  code starts everything off with a single dimensional array of
  pointers to FIB head structures (One per protocol family), each of
  which in turn points to the trie of routes available to that family.

  The basic change in the ABI compatible version of the change is to
  extent that array to be a 2 dimensional array, so that
  instead of protocol family X looking at rt_tables[X] for the
  table it needs, it looks at rt_tables[Y][X] when for all
  protocol families except ipv4 Y is always 0.
  Code that is unaware of the change always just sees the first row
  of the table, which of course looks just like the one dimensional
  array that existed before.

  The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
  are all maintained, but refer only to the first row of the array,
  so that existing callers in proprietary protocols can continue to
  do the "right thing".
  Some new entry points are added, for the exclusive use of ipv4 code
  called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
  which have an extra argument which refers the code to the correct row.

  In addition, there are some new entry points (currently called
  rtalloc_fib() and friends) that check the Address family being
  looked up and call either rtalloc() (and friends) if the protocol
  is not IPv4 forcing the action to row 0 or to the appropriate row
  if it IS IPv4 (and that info is available). These are for calling
  from code that is not specific to any particular protocol. The way
  these are implemented would change in the non ABI preserving code
  to be added later.

  One feature of the first version of the code is that for ipv4,
  the interface routes show up automatically on all the FIBs, so
  that no matter what FIB you select you always have the basic
  direct attached hosts available to you. (rtinit() does this
  automatically).

  You CAN delete an interface route from one FIB should you want
  to but by default it's there. ARP information is also available
  in each FIB. It's assumed that the same machine would have the
  same MAC address, regardless of which FIB you are using to get
  to it.

  This brings us as to how the correct FIB is selected for an outgoing
  IPV4 packet.

  Firstly, all packets have a FIB associated with them. if nothing
  has been done to change it, it will be FIB 0. The FIB is changed
  in the following ways.

  Packets fall into one of a number of classes.

  1/ locally generated packets, coming from a socket/PCB.
     Such packets select a FIB from a number associated with the
     socket/PCB. This in turn is inherited from the process,
     but can be changed by a socket option. The process in turn
     inherits it on fork. I have written a utility call setfib
     that acts a bit like nice..

         setfib -3 ping target.example.com # will use fib 3 for ping.

     It is an obvious extension to make it a property of a jail
     but I have not done so. It can be achieved by combining the setfib and
     jail commands.

  2/ packets received on an interface for forwarding.
     By default these packets would use table 0,
     (or possibly a number settable in a sysctl(not yet)).
     but prior to routing the firewall can inspect them (see below).
     (possibly in the future you may be able to associate a FIB
     with packets received on an interface..  An ifconfig arg, but not yet.)

  3/ packets inspected by a packet classifier, which can arbitrarily
     associate a fib with it on a packet by packet basis.
     A fib assigned to a packet by a packet classifier
     (such as ipfw) would over-ride a fib associated by
     a more default source. (such as cases 1 or 2).

  4/ a tcp listen socket associated with a fib will generate
     accept sockets that are associated with that same fib.

  5/ Packets generated in response to some other packet (e.g. reset
     or icmp packets). These should use the FIB associated with the
     packet being reponded to.

  6/ Packets generated during encapsulation.
     gif, tun and other tunnel interfaces will encapsulate using the FIB
     that was in effect withthe proces that set up the tunnel.
     thus setfib 1 ifconfig gif0 [tunnel instructions]
     will set the fib for the tunnel to use to be fib 1.

  Routing messages would be associated with their
  process, and thus select one FIB or another.
  messages from the kernel would be associated with the fib they
  refer to and would only be received by a routing socket associated
  with that fib. (not yet implemented)

  In addition Netstat has been edited to be able to cope with the
  fact that the array is now 2 dimensional. (It looks in system
  memory using libkvm (!)). Old versions of netstat see only the first FIB.

  In addition two sysctls are added to give:
  a) the number of FIBs compiled in (active)
  b) the default FIB of the calling process.

  Early testing experience:
  -------------------------

  Basically our (IronPort's) appliance does this functionality already
  using ipfw fwd but that method has some drawbacks.

  For example,
  It can't fully simulate a routing table because it can't influence the
  socket's choice of local address when a connect() is done.

  Testing during the generating of these changes has been
  remarkably smooth so far. Multiple tables have co-existed
  with no notable side effects, and packets have been routes
  accordingly.

  ipfw has grown 2 new keywords:

  setfib N ip from anay to any
  count ip from any to any fib N

  In pf there seems to be a requirement to be able to give symbolic names to the
  fibs but I do not have that capacity. I am not sure if it is required.

  SCTP has interestingly enough built in support for this, called VRFs
  in Cisco parlance. it will be interesting to see how that handles it
  when it suddenly actually does something.

  Where to next:
  --------------------

  After committing the ABI compatible version and MFCing it, I'd
  like to proceed in a forward direction in -current. this will
  result in some roto-tilling in the routing code.

  Firstly: the current code's idea of having a separate tree per
  protocol family, all of the same format, and pointed to by the
  1 dimensional array is a bit silly. Especially when one considers that
  there is code that makes assumptions about every protocol having the
  same internal structures there. Some protocols don't WANT that
  sort of structure. (for example the whole idea of a netmask is foreign
  to appletalk). This needs to be made opaque to the external code.

  My suggested first change is to add routing method pointers to the
  'domain' structure, along with information pointing the data.
  instead of having an array of pointers to uniform structures,
  there would be an array pointing to the 'domain' structures
  for each protocol address domain (protocol family),
  and the methods this reached would be called. The methods would have
  an argument that gives FIB number, but the protocol would be free
  to ignore it.

  When the ABI can be changed it raises the possibilty of the
  addition of a fib entry into the "struct route". Currently,
  the structure contains the sockaddr of the desination, and the resulting
  fib entry. To make this work fully, one could add a fib number
  so that given an address and a fib, one can find the third element, the
  fib entry.

  Interaction with the ARP layer/ LL layer would need to be
  revisited as well. Qing Li has been working on this already.

  This work was sponsored by Ironport Systems/Cisco

Reviewed by:    several including rwatson, bz and mlair (parts each)
Obtained from:  Ironport systems/Cisco
This commit is contained in:
Julian Elischer 2008-05-09 23:03:00 +00:00
parent a15370c6aa
commit 8b07e49a00
74 changed files with 1312 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sbin/ipfw/ipfw.8
View File

@ -479,6 +479,9 @@ When the packet can be associated with a local socket.
.It Divert status
Whether a packet came from a divert socket (e.g.,
.Xr natd 8 ) .
.It Fib annotation state
Whether a packet has been tagged for using a specific FIB (routing table)
in future forwarding decisions.
.El
.Pp
Note that some of the above information, e.g.\& source MAC or IP addresses and
@ -842,6 +845,12 @@ for more information on
and
.Cm ngtee
actions.
.It Cm setfib Ar fibnum
The packet is tagged so as to use the FIB (routing table)
.Ar fibnum
in any subsequent forwarding decisions. Initially this is
limited to the values 0 through 15. See
.Xr setfib 8
.El
.Ss RULE BODY
The body of a rule contains zero or more patterns (such as
@ -1144,6 +1153,9 @@ IPSec authentication headers
.Pq Cm ah ,
and IPSec encapsulated security payload headers
.Pq Cm esp .
.It Cm fib Ar fibnum
Matches a packet that has been tagged to use
the given FIB (routing table) number.
.It Cm flow-id Ar labels
Matches IPv6 packets containing any of the flow labels given in
.Ar labels .

39
sbin/ipfw/ipfw2.c
View File

@ -341,6 +341,9 @@ enum tokens {
TOK_IPV4,
TOK_UNREACH6,
TOK_RESET6,
TOK_FIB,
TOK_SETFIB,
};
struct _s_x dummynet_params[] = {
@ -413,6 +416,7 @@ struct _s_x rule_actions[] = {
{ "check-state", TOK_CHECKSTATE },
{ "//", TOK_COMMENT },
{ "nat", TOK_NAT },
{ "setfib", TOK_SETFIB },
{ NULL, 0 } /* terminator */
};
@ -443,6 +447,7 @@ struct _s_x rule_options[] = {
{ "via", TOK_VIA },
{ "fragment", TOK_FRAG },
{ "frag", TOK_FRAG },
{ "fib", TOK_FIB },
{ "ipoptions", TOK_IPOPTS },
{ "ipopts", TOK_IPOPTS },
{ "iplen", TOK_IPLEN },
@ -1615,6 +1620,10 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
PRINT_UINT_ARG("nat ", cmd->arg1);
break;
case O_SETFIB:
PRINT_UINT_ARG("setfib ", cmd->arg1);
break;
default:
printf("** unrecognized action %d len %d ",
cmd->opcode, cmd->len);
@ -1817,6 +1826,10 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
printf(" frag");
break;
case O_FIB:
printf(" fib %u", cmd->arg1 );
break;
case O_IN:
printf(cmd->len & F_NOT ? " out" : " in");
break;
@ -2712,7 +2725,7 @@ help(void)
"RULE-BODY: check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"
"ACTION: check-state | allow | count | deny | unreach{,6} CODE |\n"
" skipto N | {divert|tee} PORT | forward ADDR |\n"
" pipe N | queue N | nat N\n"
" pipe N | queue N | nat N | setfib FIB\n"
"PARAMS: [log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n"
"ADDR: [ MAC dst src ether_type ] \n"
" [ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"
@ -2728,7 +2741,7 @@ help(void)
" estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST |\n"
" iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC |\n"
" ipttl LIST | ipversion VER | keep-state | layer2 | limit ... |\n"
" icmp6types LIST | ext6hdr LIST | flow-id N[,N] |\n"
" icmp6types LIST | ext6hdr LIST | flow-id N[,N] | fib FIB |\n"
" mac ... | mac-type LIST | proto LIST | {recv|xmit|via} {IF|IPADDR} |\n"
" setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC |\n"
" tcpdatalen LIST | verrevpath | versrcreach | antispoof\n"
@ -4865,6 +4878,7 @@ add(int ac, char *av[])
action->opcode = O_NAT;
action->len = F_INSN_SIZE(ipfw_insn_nat);
goto chkarg;
case TOK_QUEUE:
action->opcode = O_QUEUE;
goto chkarg;
@ -4946,6 +4960,21 @@ chkarg:
action->opcode = O_COUNT;
ac++; av--; /* go back... */
break;
case TOK_SETFIB:
{
int numfibs;
action->opcode = O_SETFIB;
NEED1("missing fib number");
action->arg1 = strtoul(*av, NULL, 10);
if (sysctlbyname("net.fibs", &numfibs, &i, NULL, 0) == -1)
errx(EX_DATAERR, "fibs not suported.\n");
if (action->arg1 >= numfibs) /* Temporary */
errx(EX_DATAERR, "fib too large.\n");
ac--; av++;
break;
}
default:
errx(EX_DATAERR, "invalid action %s\n", av[-1]);
@ -5626,6 +5655,12 @@ read_options:
ac--; av++;
break;
case TOK_FIB:
NEED1("fib requires fib number");
fill_cmd(cmd, O_FIB, 0, strtoul(*av, NULL, 0));
ac--; av++;
break;
default:
errx(EX_USAGE, "unrecognised option [%d] %s\n", i, s);
}

2
sys/conf/NOTES
View File

@ -509,6 +509,8 @@ options HWPMC_HOOKS # Other necessary kernel hooks
options INET #Internet communications protocols
options INET6 #IPv6 communications protocols
options ROUTETABLES=2 # max 16. 1 is back compatible.
# In order to enable IPSEC you MUST also add device crypto to
# your kernel configuration
options IPSEC #IP security (requires device crypto)

1
sys/conf/options
View File

@ -364,6 +364,7 @@ ETHER_II opt_ef.h
ETHER_8023 opt_ef.h
ETHER_8022 opt_ef.h
ETHER_SNAP opt_ef.h
ROUTETABLES opt_route.h
MROUTING opt_mrouting.h
INET opt_inet.h
INET6 opt_inet6.h

4
sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
View File

@ -970,7 +970,7 @@ frdest_t *fdp;
dst->sin_addr = fdp->fd_ip;
dst->sin_len = sizeof(*dst);
rtalloc(ro);
in_rtalloc(ro, 0);
if ((ifp == NULL) && (ro->ro_rt != NULL))
ifp = ro->ro_rt->rt_ifp;
@ -1158,7 +1158,7 @@ fr_info_t *fin;
dst->sin_len = sizeof(*dst);
dst->sin_family = AF_INET;
dst->sin_addr = fin->fin_src;
rtalloc(&iproute);
in_rtalloc(&iproute, 0);
if (iproute.ro_rt == NULL)
return 0;
return (fin->fin_ifp == iproute.ro_rt->rt_ifp);

36
sys/contrib/pf/net/pf.c
View File

@ -1839,7 +1839,14 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
pf_mtag->tag = rtag;
if (r != NULL && r->rtableid >= 0)
#ifdef __FreeBSD__
{
M_SETFIB(m, r->rtableid);
#endif
pf_mtag->rtableid = r->rtableid;
#ifdef __FreeBSD__
}
#endif
#ifdef ALTQ
if (r != NULL && r->qid) {
pf_mtag->qid = r->qid;
@ -2004,7 +2011,14 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,
#endif
if (r->rtableid >= 0)
#ifdef __FreeBSD__
{
M_SETFIB(m0, r->rtableid);
#endif
pf_mtag->rtableid = r->rtableid;
#ifdef __FreeBSD__
}
#endif
#ifdef ALTQ
if (r->qid) {
@ -2195,7 +2209,14 @@ pf_tag_packet(struct mbuf *m, struct pf_mtag *pf_mtag, int tag, int rtableid)
if (tag > 0)
pf_mtag->tag = tag;
if (rtableid >= 0)
#ifdef __FreeBSD__
{
M_SETFIB(m, rtableid);
#endif
pf_mtag->rtableid = rtableid;
#ifdef __FreeBSD__
}
#endif
return (0);
}
@ -3141,7 +3162,7 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
#ifdef RTF_PRCLONING
rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING));
#else /* !RTF_PRCLONING */
rtalloc_ign(&ro, RTF_CLONING);
in_rtalloc_ign(&ro, RTF_CLONING, 0);
#endif
#else /* ! __FreeBSD__ */
rtalloc_noclone(&ro, NO_CLONING);
@ -5946,7 +5967,11 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif)
goto out;
#ifdef __FreeBSD__
rtalloc_ign((struct route *)&ro, RTF_CLONING);
/* XXX MRT not always INET */ /* stick with table 0 though */
if (af == AF_INET)
in_rtalloc_ign((struct route *)&ro, RTF_CLONING, 0);
else
rtalloc_ign((struct route *)&ro, RTF_CLONING);
#else /* ! __FreeBSD__ */
rtalloc_noclone((struct route *)&ro, NO_CLONING);
#endif
@ -6025,7 +6050,10 @@ pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw)
# ifdef RTF_PRCLONING
rtalloc_ign((struct route *)&ro, (RTF_CLONING|RTF_PRCLONING));
# else /* !RTF_PRCLONING */
rtalloc_ign((struct route *)&ro, RTF_CLONING);
if (af == AF_INET)
in_rtalloc_ign((struct route *)&ro, RTF_CLONING, 0);
else
rtalloc_ign((struct route *)&ro, RTF_CLONING);
# endif
#else /* ! __FreeBSD__ */
rtalloc_noclone((struct route *)&ro, NO_CLONING);
@ -6105,7 +6133,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
dst->sin_addr = ip->ip_dst;
if (r->rt == PF_FASTROUTE) {
rtalloc(ro);
in_rtalloc(ro, 0);
if (ro->ro_rt == 0) {
ipstat.ips_noroute++;
goto bad;

4
sys/contrib/pf/net/pf_ioctl.c
View File

@ -1532,7 +1532,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
#ifdef __FreeBSD__ /* ROUTEING */
if (rule->rtableid > 0)
if (rule->rtableid > 0 && rule->rtableid < rt_numfibs)
#else
if (rule->rtableid > 0 && !rtable_exists(rule->rtableid))
#endif
@ -1795,7 +1795,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
if (newrule->rtableid > 0 &&
#ifdef __FreeBSD__ /* ROUTING */
1)
newrule->rtableid < rt_numfibs)
#else
!rtable_exists(newrule->rtableid))
#endif

2
sys/kern/init_sysent.c
View File

@ -203,7 +203,7 @@ struct sysent sysent[] = {
{ 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0 }, /* 172 = nosys */
{ AS(freebsd6_pread_args), (sy_call_t *)freebsd6_pread, AUE_PREAD, NULL, 0, 0 }, /* 173 = freebsd6_pread */
{ AS(freebsd6_pwrite_args), (sy_call_t *)freebsd6_pwrite, AUE_PWRITE, NULL, 0, 0 }, /* 174 = freebsd6_pwrite */
{ 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0 }, /* 175 = nosys */
{ AS(setfib_args), (sy_call_t *)setfib, AUE_NULL, NULL, 0, 0 }, /* 175 = setfib */
{ AS(ntp_adjtime_args), (sy_call_t *)ntp_adjtime, AUE_NTP_ADJTIME, NULL, 0, 0 }, /* 176 = ntp_adjtime */
{ 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0 }, /* 177 = sfork */
{ 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0 }, /* 178 = getdescriptor */

2
sys/kern/sys_socket.c
View File

@ -199,7 +199,7 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, struct ucred *active_cred,
if (IOCGROUP(cmd) == 'i')
error = ifioctl(so, cmd, data, td);
else if (IOCGROUP(cmd) == 'r')
error = rtioctl(cmd, data);
error = rtioctl_fib(cmd, data, so->so_fibnum);
else
error = ((*so->so_proto->pr_usrreqs->pru_control)
(so, cmd, data, 0, td));

2
sys/kern/syscalls.c
View File

@ -182,7 +182,7 @@ const char *syscallnames[] = {
"#172", /* 172 = nosys */
"freebsd6_pread", /* 173 = freebsd6_pread */
"freebsd6_pwrite", /* 174 = freebsd6_pwrite */
"#175", /* 175 = nosys */
"setfib", /* 175 = setfib */
"ntp_adjtime", /* 176 = ntp_adjtime */
"#177", /* 177 = sfork */
"#178", /* 178 = getdescriptor */

2
sys/kern/syscalls.master
View File

@ -340,7 +340,7 @@
174 AUE_PWRITE STD { ssize_t freebsd6_pwrite(int fd, \
const void *buf, \
size_t nbyte, int pad, off_t offset); }
175 AUE_NULL UNIMPL nosys
175 AUE_NULL STD { int setfib(int fibnum); }
176 AUE_NTP_ADJTIME STD { int ntp_adjtime(struct timex *tp); }
177 AUE_NULL UNIMPL sfork (BSD/OS 2.x)
178 AUE_NULL UNIMPL getdescriptor (BSD/OS 2.x)

7
sys/kern/systrace_args.c
View File

@ -959,6 +959,13 @@ systrace_args(int sysnum, void *params, u_int64_t *uarg, int *n_args)
*n_args = 5;
break;
}
/* setfib */
case 175: {
struct setfib_args *p = params;
iarg[0] = p->fibnum; /* int */
*n_args = 1;
break;
}
/* ntp_adjtime */
case 176: {
struct ntp_adjtime_args *p = params;

20
sys/kern/uipc_socket.c
View File

@ -122,6 +122,7 @@ __FBSDID("$FreeBSD$");
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/resourcevar.h>
#include <net/route.h>
#include <sys/signalvar.h>
#include <sys/stat.h>
#include <sys/sx.h>
@ -360,6 +361,11 @@ socreate(int dom, struct socket **aso, int type, int proto,
TAILQ_INIT(&so->so_comp);
so->so_type = type;
so->so_cred = crhold(cred);
if ((prp->pr_domain->dom_family == PF_INET) ||
(prp->pr_domain->dom_family == PF_ROUTE))
so->so_fibnum = td->td_proc->p_fibnum;
else
so->so_fibnum = 0;
so->so_proto = prp;
#ifdef MAC
mac_socket_create(cred, so);
@ -2027,6 +2033,20 @@ sosetopt(struct socket *so, struct sockopt *sopt)
SOCK_UNLOCK(so);
break;
case SO_SETFIB:
error = sooptcopyin(sopt, &optval, sizeof optval,
sizeof optval);
if (optval < 1 || optval > rt_numfibs) {
error = EINVAL;
goto bad;
}
if ((so->so_proto->pr_domain->dom_family == PF_INET) ||
(so->so_proto->pr_domain->dom_family == PF_ROUTE)) {
so->so_fibnum = optval;
} else {
so->so_fibnum = 0;
}
break;
case SO_SNDBUF:
case SO_RCVBUF:
case SO_SNDLOWAT:

19
sys/kern/vfs_export.c
View File

@ -161,12 +161,25 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
* Seems silly to initialize every AF when most are not used,
* do so on demand here
*/
for (dom = domains; dom; dom = dom->dom_next)
for (dom = domains; dom; dom = dom->dom_next) {
KASSERT(((i == AF_INET) || (i == AF_INET6)),
("unexpected protocol in vfs_hang_addrlist"));
if (dom->dom_family == i && dom->dom_rtattach) {
dom->dom_rtattach((void **) &nep->ne_rtable[i],
dom->dom_rtoffset);
/*
* XXX MRT
* The INET and INET6 domains know the
* offset already. We don't need to send it
* So we just use it as a flag to say that
* we are or are not setting up a real routing
* table. Only IP and IPV6 need have this
* be 0 so all other protocols can stay the
* same (ABI compatible).
*/
dom->dom_rtattach(
(void **) &nep->ne_rtable[i], 0);
break;
}
}
if ((rnh = nep->ne_rtable[i]) == NULL) {
error = ENOBUFS;
vfs_mount_error(mp, "%s %s %d",

9
sys/net/if.c
View File

@ -740,11 +740,14 @@ if_detach(struct ifnet *ifp)
* to this interface...oh well...
*/
for (i = 1; i <= AF_MAX; i++) {
if ((rnh = rt_tables[i]) == NULL)
int j;
for (j = 0; j < rt_numfibs; j++) {
if ((rnh = rt_tables[j][i]) == NULL)
continue;
RADIX_NODE_HEAD_LOCK(rnh);
(void) rnh->rnh_walktree(rnh, if_rtdel, ifp);
RADIX_NODE_HEAD_UNLOCK(rnh);
}
}
/* Announce that the interface is gone. */
@ -1010,9 +1013,9 @@ if_rtdel(struct radix_node *rn, void *arg)
if ((rt->rt_flags & RTF_UP) == 0)
return (0);
err = rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway,
err = rtrequest_fib(RTM_DELETE, rt_key(rt), rt->rt_gateway,
rt_mask(rt), rt->rt_flags,
(struct rtentry **) NULL);
(struct rtentry **) NULL, rt->rt_fibnum);
if (err) {
log(LOG_WARNING, "if_rtdel: error %d\n", err);
}

3
sys/net/if_atmsubr.c
View File

@ -158,7 +158,8 @@ atm_output(struct ifnet *ifp, struct mbuf *m0, struct sockaddr *dst,
* check route
*/
if (rt0 != NULL) {
error = rt_check(&rt, &rt0, dst);
error = rt_check_fib(&rt, &rt0,
dst, rt0->rt_fibnum);
if (error)
goto bad;
RT_UNLOCK(rt);

2
sys/net/if_fwsubr.c
View File

@ -103,7 +103,7 @@ firewire_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
}
if (rt0 != NULL) {
error = rt_check(&rt, &rt0, dst);
error = rt_check_fib(&rt, &rt0, dst, rt0->rt_fibnum);
if (error)
goto bad;
RT_UNLOCK(rt);

3
sys/net/if_gif.c
View File

@ -46,6 +46,7 @@
#include <sys/time.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/conf.h>
#include <machine/cpu.h>
@ -155,6 +156,7 @@ gif_clone_create(ifc, unit, params)
struct gif_softc *sc;
sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
sc->gif_fibnum = curthread->td_proc->p_fibnum;
GIF2IFP(sc) = if_alloc(IFT_GIF);
if (GIF2IFP(sc) == NULL) {
free(sc, M_GIF);
@ -441,6 +443,7 @@ gif_output(ifp, m, dst, rt)
if (ifp->if_bridge)
af = AF_LINK;
M_SETFIB(m, sc->gif_fibnum);
/* inner AF-specific encapsulation */
/* XXX should we check if our outer source is legal? */

1
sys/net/if_gif.h
View File

@ -67,6 +67,7 @@ struct gif_softc {
#endif
} gifsc_gifscr;
int gif_flags;
u_int gif_fibnum;
const struct encaptab *encap_cookie4;
const struct encaptab *encap_cookie6;
void *gif_netgraph; /* ng_gif(4) netgraph node info */

7
sys/net/if_gre.c
View File

@ -58,6 +58,7 @@
#include <sys/module.h>
#include <sys/mbuf.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@ -201,6 +202,7 @@ gre_clone_create(ifc, unit, params)
GRE2IFP(sc)->if_flags |= IFF_LINK0;
sc->encap = NULL;
sc->called = 0;
sc->gre_fibnum = curthread->td_proc->p_fibnum;
sc->wccp_ver = WCCP_V1;
if_attach(GRE2IFP(sc));
bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t));
@ -395,6 +397,8 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
goto end;
}
M_SETFIB(m, sc->gre_fibnum); /* The envelope may use a different FIB */
gh = mtod(m, struct greip *);
if (sc->g_proto == IPPROTO_GRE) {
/* we don't have any GRE flags for now */
@ -754,6 +758,7 @@ gre_compute_route(struct gre_softc *sc)
* toggle last bit, so our interface is not found, but a less
* specific route. I'd rather like to specify a shorter mask,
* but this is not possible. Should work though. XXX
* XXX MRT Use a different FIB for the tunnel to solve this problem.
*/
if ((GRE2IFP(sc)->if_flags & IFF_LINK1) == 0) {
((struct sockaddr_in *)&ro->ro_dst)->sin_addr.s_addr ^=
@ -765,7 +770,7 @@ gre_compute_route(struct gre_softc *sc)
inet_ntoa(((struct sockaddr_in *)&ro->ro_dst)->sin_addr));
#endif
rtalloc(ro);
rtalloc_fib(ro, sc->gre_fibnum);
/*
* check if this returned a route at all and this route is no

1
sys/net/if_gre.h
View File

@ -59,6 +59,7 @@ struct gre_softc {
LIST_ENTRY(gre_softc) sc_list;
int gre_unit;
int gre_flags;
u_int gre_fibnum; /* use this fib for envelopes */
struct in_addr g_src; /* source address of gre packets */
struct in_addr g_dst; /* destination address of gre packets */
struct route route; /* routing entry that determines, where a

3
sys/net/if_iso88025subr.c
View File

@ -259,7 +259,8 @@ iso88025_output(ifp, m, dst, rt0)
/* Calculate routing info length based on arp table entry */
/* XXX any better way to do this ? */
if (rt0 != NULL) {
error = rt_check(&rt, &rt0, dst);
/* XXX MRT *//* Guess only */
error = rt_check_fib(&rt, &rt0, dst, rt0->rt_fibnum);
if (error)
goto bad;
RT_UNLOCK(rt);

9
sys/net/if_stf.c
View File

@ -87,6 +87,7 @@
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/protosw.h>
#include <sys/proc.h>
#include <sys/queue.h>
#include <machine/cpu.h>
@ -136,6 +137,7 @@ struct stf_softc {
struct route_in6 __sc_ro6; /* just for safety */
} __sc_ro46;
#define sc_ro __sc_ro46.__sc_ro4
u_int sc_fibnum;
const struct encaptab *encap_cookie;
};
#define STF2IFP(sc) ((sc)->sc_ifp)
@ -219,6 +221,7 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
return (ENOSPC);
}
ifp->if_softc = sc;
sc->sc_fibnum = curthread->td_proc->p_fibnum;
/*
* Set the name manually rather then using if_initname because
@ -521,7 +524,7 @@ stf_output(ifp, m, dst, rt)
}
if (sc->sc_ro.ro_rt == NULL) {
rtalloc(&sc->sc_ro);
rtalloc_fib(&sc->sc_ro, sc->sc_fibnum);
if (sc->sc_ro.ro_rt == NULL) {
m_freem(m);
ifp->if_oerrors++;
@ -529,6 +532,7 @@ stf_output(ifp, m, dst, rt)
}
}
M_SETFIB(m, sc->sc_fibnum);
ifp->if_opackets++;
return ip_output(m, NULL, &sc->sc_ro, 0, NULL, NULL);
}
@ -599,7 +603,8 @@ stf_checkaddr4(sc, in, inifp)
sin.sin_family = AF_INET;
sin.sin_len = sizeof(struct sockaddr_in);
sin.sin_addr = *in;
rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
rt = rtalloc1_fib((struct sockaddr *)&sin, 0,
0UL, sc->sc_fibnum);
if (!rt || rt->rt_ifp != inifp) {
#if 0
log(LOG_WARNING, "%s: packet from 0x%x dropped "

2
sys/net/if_var.h
View File

@ -690,6 +690,8 @@ struct ifaddr *ifa_ifwithbroadaddr(struct sockaddr *);
struct ifaddr *ifa_ifwithdstaddr(struct sockaddr *);
struct ifaddr *ifa_ifwithnet(struct sockaddr *);
struct ifaddr *ifa_ifwithroute(int, struct sockaddr *, struct sockaddr *);
struct ifaddr *ifa_ifwithroute_fib(int, struct sockaddr *, struct sockaddr *, u_int);
struct ifaddr *ifaof_ifpforaddr(struct sockaddr *, struct ifnet *);
int if_simloop(struct ifnet *ifp, struct mbuf *m, int af, int hlen);

4
sys/net/radix_mpath.c
View File

@ -255,7 +255,7 @@ different:
}
void
rtalloc_mpath(struct route *ro, int hash)
rtalloc_mpath_fib(struct route *ro, int hash, u_int fibnum)
{
struct radix_node *rn0, *rn;
int n;
@ -266,7 +266,7 @@ rtalloc_mpath(struct route *ro, int hash)
*/
if (ro->ro_rt && ro->ro_rt->rt_ifp && (ro->ro_rt->rt_flags & RTF_UP))
return; /* XXX */
ro->ro_rt = rtalloc1(&ro->ro_dst, 1, 0UL);
ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, 0UL, fibnum);
/* if the route does not exist or it is not multipath, don't care */
if (ro->ro_rt == NULL)

3
sys/net/radix_mpath.h
View File

@ -50,7 +50,8 @@ int rn_mpath_count(struct radix_node *);
struct rtentry *rt_mpath_matchgate(struct rtentry *, struct sockaddr *);
int rt_mpath_conflict(struct radix_node_head *, struct rtentry *,
struct sockaddr *);
void rtalloc_mpath(struct route *, int);
void rtalloc_mpath_fib(struct route *, int, u_int);
#define rtalloc_mpath(_route, _hash) rtalloc_mpath_fib((_route), (_hash), 0)
struct radix_node *rn_mpath_lookup(void *, void *,
struct radix_node_head *);
int rt_mpath_deldup(struct rtentry *, struct rtentry *);

532
sys/net/route.c
View File

@ -29,8 +29,13 @@
* @(#)route.c 8.3.1.1 (Berkeley) 2/23/95
* $FreeBSD$
*/
/************************************************************************
* Note: In this file a 'fib' is a "forwarding information base" *
* Which is the new name for an in kernel routing (next hop) table. *
***********************************************************************/
#include "opt_inet.h"
#include "opt_route.h"
#include "opt_mrouting.h"
#include "opt_mpath.h"
@ -39,6 +44,9 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
#include <sys/domain.h>
#include <sys/kernel.h>
@ -54,14 +62,45 @@
#include <vm/uma.h>
#ifndef ROUTETABLES
#define RT_NUMFIBS 1
#define RT_MAXFIBS 1
#else
/* while we use 4 bits in the mbuf flags,
* we are limited to 16
*/
#if ROUTETABLES > RT_MAXFIBS
#define RT_NUMFIBS RT_MAXFIBS
#error "ROUTETABLES defined too big"
#else
#if ROUTETABLES == 0
#define RT_NUMFIBS 1
#else
#define RT_NUMFIBS ROUTETABLES
#endif
#endif
#endif
u_int rt_numfibs = RT_NUMFIBS;
SYSCTL_INT(_net, OID_AUTO, fibs, CTLFLAG_RD, &rt_numfibs, 0, "");
/* Eventually this will be a tunable */
TUNABLE_INT("net.fibs", &rt_numfibs);
static struct rtstat rtstat;
struct radix_node_head *rt_tables[AF_MAX+1];
/* by default only the first 'row' of tables will be accessed. */
/*
* XXXMRT When we fix netstat, and do this differnetly,
* we can allocate this dynamically. As long as we are keeping
* things backwards compaitble we need to allocate this
* statically.
*/
struct radix_node_head *rt_tables[RT_MAXFIBS][AF_MAX+1];
static int rttrash; /* routes not in table but not freed */
static void rt_maskedcopy(struct sockaddr *,
struct sockaddr *, struct sockaddr *);
static void rtable_init(void **);
/* compare two sockaddr structures */
#define sa_equal(a1, a2) (bcmp((a1), (a2), (a1)->sa_len) == 0)
@ -78,25 +117,83 @@ static void rtable_init(void **);
*/
#define RNTORT(p) ((struct rtentry *)(p))
static void
rtable_init(void **table)
static uma_zone_t rtzone; /* Routing table UMA zone. */
#if 0
/* default fib for tunnels to use */
u_int tunnel_fib = 0;
SYSCTL_INT(_net, OID_AUTO, tunnelfib, CTLFLAG_RD, &tunnel_fib, 0, "");
#endif
/*
* handler for net.my_fibnum
*/
static int
sysctl_my_fibnum(SYSCTL_HANDLER_ARGS)
{
struct domain *dom;
for (dom = domains; dom; dom = dom->dom_next)
if (dom->dom_rtattach)
dom->dom_rtattach(&table[dom->dom_family],
dom->dom_rtoffset);
int fibnum;
int error;
fibnum = curthread->td_proc->p_fibnum;
error = sysctl_handle_int(oidp, &fibnum, 0, req);
return (error);
}
static uma_zone_t rtzone; /* Routing table UMA zone. */
SYSCTL_PROC(_net, OID_AUTO, my_fibnum, CTLTYPE_INT|CTLFLAG_RD,
NULL, 0, &sysctl_my_fibnum, "I", "default FIB of caller");
static void
route_init(void)
{
int table;
struct domain *dom;
int fam;
/* whack teh tunable ints into line. */
if (rt_numfibs > RT_MAXFIBS)
rt_numfibs = RT_MAXFIBS;
if (rt_numfibs == 0)
rt_numfibs = 1;
rtzone = uma_zcreate("rtentry", sizeof(struct rtentry), NULL, NULL,
NULL, NULL, UMA_ALIGN_PTR, 0);
rn_init(); /* initialize all zeroes, all ones, mask table */
rtable_init((void **)rt_tables);
for (dom = domains; dom; dom = dom->dom_next) {
if (dom->dom_rtattach) {
for (table = 0; table < rt_numfibs; table++) {
if ( (fam = dom->dom_family) == AF_INET ||
table == 0) {
/* for now only AF_INET has > 1 table */
/* XXX MRT
* rtattach will be also called
* from vfs_export.c but the
* offset will be 0
* (only for AF_INET and AF_INET6
* which don't need it anyhow)
*/
dom->dom_rtattach(
(void **)&rt_tables[table][fam],
dom->dom_rtoffset);
} else {
break;
}
}
}
}
}
#ifndef _SYS_SYSPROTO_H_
struct setfib_args {
int fibnum;
};
#endif
int
setfib(struct thread *td, struct setfib_args *uap)
{
if (uap->fibnum < 0 || uap->fibnum >= rt_numfibs)
return EINVAL;
td->td_proc->p_fibnum = uap->fibnum;
return (0);
}
/*
@ -105,7 +202,13 @@ route_init(void)
void
rtalloc(struct route *ro)
{
rtalloc_ign(ro, 0UL);
rtalloc_ign_fib(ro, 0UL, 0);
}
void
rtalloc_fib(struct route *ro, u_int fibnum)
{
rtalloc_ign_fib(ro, 0UL, fibnum);
}
void
@ -119,7 +222,23 @@ rtalloc_ign(struct route *ro, u_long ignore)
RTFREE(rt);
ro->ro_rt = NULL;
}
ro->ro_rt = rtalloc1(&ro->ro_dst, 1, ignore);
ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, ignore, 0);
if (ro->ro_rt)
RT_UNLOCK(ro->ro_rt);
}
void
rtalloc_ign_fib(struct route *ro, u_long ignore, u_int fibnum)
{
struct rtentry *rt;
if ((rt = ro->ro_rt) != NULL) {
if (rt->rt_ifp != NULL && rt->rt_flags & RTF_UP)
return;
RTFREE(rt);
ro->ro_rt = NULL;
}
ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, ignore, fibnum);
if (ro->ro_rt)
RT_UNLOCK(ro->ro_rt);
}
@ -133,7 +252,14 @@ rtalloc_ign(struct route *ro, u_long ignore)
struct rtentry *
rtalloc1(struct sockaddr *dst, int report, u_long ignflags)
{
struct radix_node_head *rnh = rt_tables[dst->sa_family];
return (rtalloc1_fib(dst, report, ignflags, 0));
}
struct rtentry *
rtalloc1_fib(struct sockaddr *dst, int report, u_long ignflags,
u_int fibnum)
{
struct radix_node_head *rnh;
struct rtentry *rt;
struct radix_node *rn;
struct rtentry *newrt;
@ -141,6 +267,10 @@ rtalloc1(struct sockaddr *dst, int report, u_long ignflags)
u_long nflags;
int err = 0, msgtype = RTM_MISS;
KASSERT((fibnum < rt_numfibs), ("rtalloc1_fib: bad fibnum"));
if (dst->sa_family != AF_INET) /* Only INET supports > 1 fib now */
fibnum = 0;
rnh = rt_tables[fibnum][dst->sa_family];
newrt = NULL;
/*
* Look up the address in the table for that Address Family
@ -164,8 +294,8 @@ rtalloc1(struct sockaddr *dst, int report, u_long ignflags)
* If it requires that it be cloned, do so.
* (This implies it wasn't a HOST route.)
*/
err = rtrequest(RTM_RESOLVE, dst, NULL,
NULL, 0, &newrt);
err = rtrequest_fib(RTM_RESOLVE, dst, NULL,
NULL, 0, &newrt, fibnum);
if (err) {
/*
* If the cloning didn't succeed, maybe
@ -237,7 +367,7 @@ rtfree(struct rtentry *rt)
struct radix_node_head *rnh;
KASSERT(rt != NULL,("%s: NULL rt", __func__));
rnh = rt_tables[rt_key(rt)->sa_family];
rnh = rt_tables[rt->rt_fibnum][rt_key(rt)->sa_family];
KASSERT(rnh != NULL,("%s: NULL rnh", __func__));
RT_LOCK_ASSERT(rt);
@ -322,6 +452,17 @@ rtredirect(struct sockaddr *dst,
struct sockaddr *netmask,
int flags,
struct sockaddr *src)
{
rtredirect_fib(dst, gateway, netmask, flags, src, 0);
}
void
rtredirect_fib(struct sockaddr *dst,
struct sockaddr *gateway,
struct sockaddr *netmask,
int flags,
struct sockaddr *src,
u_int fibnum)
{
struct rtentry *rt, *rt0 = NULL;
int error = 0;
@ -334,7 +475,7 @@ rtredirect(struct sockaddr *dst,
error = ENETUNREACH;
goto out;
}
rt = rtalloc1(dst, 0, 0UL); /* NB: rt is locked */
rt = rtalloc1_fib(dst, 0, 0UL, fibnum); /* NB: rt is locked */
/*
* If the redirect isn't from our current router for this dst,
* it's either old or wrong. If it redirects us to ourselves,
@ -377,7 +518,7 @@ rtredirect(struct sockaddr *dst,
info.rti_info[RTAX_NETMASK] = netmask;
info.rti_ifa = ifa;
info.rti_flags = flags;
error = rtrequest1(RTM_ADD, &info, &rt);
error = rtrequest1_fib(RTM_ADD, &info, &rt, fibnum);
if (rt != NULL) {
RT_LOCK(rt);
EVENTHANDLER_INVOKE(route_redirect_event, rt0, rt, dst);
@ -423,11 +564,17 @@ out:
rt_missmsg(RTM_REDIRECT, &info, flags, error);
}
int
rtioctl(u_long req, caddr_t data)
{
return (rtioctl_fib(req, data, 0));
}
/*
* Routing table ioctl interface.
*/
int
rtioctl(u_long req, caddr_t data)
rtioctl_fib(u_long req, caddr_t data, u_int fibnum)
{
/*
@ -438,7 +585,7 @@ rtioctl(u_long req, caddr_t data)
*/
#ifdef INET
/* Multicast goop, grrr... */
return mrt_ioctl ? mrt_ioctl(req, data) : EOPNOTSUPP;
return mrt_ioctl ? mrt_ioctl(req, data, fibnum) : EOPNOTSUPP;
#else /* INET */
return ENXIO;
#endif /* INET */
@ -446,6 +593,13 @@ rtioctl(u_long req, caddr_t data)
struct ifaddr *
ifa_ifwithroute(int flags, struct sockaddr *dst, struct sockaddr *gateway)
{
return (ifa_ifwithroute_fib(flags, dst, gateway, 0));
}
struct ifaddr *
ifa_ifwithroute_fib(int flags, struct sockaddr *dst, struct sockaddr *gateway,
u_int fibnum)
{
register struct ifaddr *ifa;
int not_found = 0;
@ -474,7 +628,7 @@ ifa_ifwithroute(int flags, struct sockaddr *dst, struct sockaddr *gateway)
if (ifa == NULL)
ifa = ifa_ifwithnet(gateway);
if (ifa == NULL) {
struct rtentry *rt = rtalloc1(gateway, 0, 0UL);
struct rtentry *rt = rtalloc1_fib(gateway, 0, 0UL, fibnum);
if (rt == NULL)
return (NULL);
/*
@ -528,6 +682,18 @@ rtrequest(int req,
struct sockaddr *netmask,
int flags,
struct rtentry **ret_nrt)
{
return (rtrequest_fib(req, dst, gateway, netmask, flags, ret_nrt, 0));
}
int
rtrequest_fib(int req,
struct sockaddr *dst,
struct sockaddr *gateway,
struct sockaddr *netmask,
int flags,
struct rtentry **ret_nrt,
u_int fibnum)
{
struct rt_addrinfo info;
@ -539,7 +705,7 @@ rtrequest(int req,
info.rti_info[RTAX_DST] = dst;
info.rti_info[RTAX_GATEWAY] = gateway;
info.rti_info[RTAX_NETMASK] = netmask;
return rtrequest1(req, &info, ret_nrt);
return rtrequest1_fib(req, &info, ret_nrt, fibnum);
}
/*
@ -555,6 +721,12 @@ rtrequest(int req,
int
rt_getifa(struct rt_addrinfo *info)
{
return (rt_getifa_fib(info, 0));
}
int
rt_getifa_fib(struct rt_addrinfo *info, u_int fibnum)
{
struct ifaddr *ifa;
int error = 0;
@ -577,9 +749,11 @@ rt_getifa(struct rt_addrinfo *info)
if (sa != NULL && info->rti_ifp != NULL)
info->rti_ifa = ifaof_ifpforaddr(sa, info->rti_ifp);
else if (dst != NULL && gateway != NULL)
info->rti_ifa = ifa_ifwithroute(flags, dst, gateway);
info->rti_ifa = ifa_ifwithroute_fib(flags, dst, gateway,
fibnum);
else if (sa != NULL)
info->rti_ifa = ifa_ifwithroute(flags, sa, sa);
info->rti_ifa = ifa_ifwithroute_fib(flags, sa, sa,
fibnum);
}
if ((ifa = info->rti_ifa) != NULL) {
if (info->rti_ifp == NULL)
@ -613,7 +787,7 @@ rtexpunge(struct rtentry *rt)
/*
* Find the correct routing tree to use for this Address Family
*/
rnh = rt_tables[rt_key(rt)->sa_family];
rnh = rt_tables[rt->rt_fibnum][rt_key(rt)->sa_family];
if (rnh == NULL)
return (EAFNOSUPPORT);
@ -679,6 +853,13 @@ bad:
int
rtrequest1(int req, struct rt_addrinfo *info, struct rtentry **ret_nrt)
{
return (rtrequest1_fib(req, info, ret_nrt, 0));
}
int
rtrequest1_fib(int req, struct rt_addrinfo *info, struct rtentry **ret_nrt,
u_int fibnum)
{
int error = 0;
register struct rtentry *rt;
@ -688,10 +869,13 @@ rtrequest1(int req, struct rt_addrinfo *info, struct rtentry **ret_nrt)
struct sockaddr *ndst;
#define senderr(x) { error = x ; goto bad; }
KASSERT((fibnum < rt_numfibs), ("rtrequest1_fib: bad fibnum"));
if (dst->sa_family != AF_INET) /* Only INET supports > 1 fib now */
fibnum = 0;
/*
* Find the correct routing tree to use for this Address Family
*/
rnh = rt_tables[dst->sa_family];
rnh = rt_tables[fibnum][dst->sa_family];
if (rnh == NULL)
return (EAFNOSUPPORT);
RADIX_NODE_HEAD_LOCK(rnh);
@ -848,7 +1032,7 @@ deldone:
(gateway->sa_family != AF_UNSPEC) && (gateway->sa_family != AF_LINK))
senderr(EINVAL);
if (info->rti_ifa == NULL && (error = rt_getifa(info)))
if (info->rti_ifa == NULL && (error = rt_getifa_fib(info, fibnum)))
senderr(error);
ifa = info->rti_ifa;
@ -858,6 +1042,7 @@ deldone:
senderr(ENOBUFS);
RT_LOCK_INIT(rt);
rt->rt_flags = RTF_UP | flags;
rt->rt_fibnum = fibnum;
/*
* Add the gateway. Possibly re-malloc-ing the storage for it
* also add the rt_gwroute if possible.
@ -918,7 +1103,7 @@ deldone:
* then we just blow it away and retry the insertion
* of the new one.
*/
rt2 = rtalloc1(dst, 0, 0);
rt2 = rtalloc1_fib(dst, 0, 0, fibnum);
if (rt2 && rt2->rt_parent) {
rtexpunge(rt2);
RT_UNLOCK(rt2);
@ -1034,8 +1219,8 @@ rt_fixdelete(struct radix_node *rn, void *vp)
if (rt->rt_parent == rt0 &&
!(rt->rt_flags & (RTF_PINNED | RTF_CLONING))) {
return rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt),
rt->rt_flags, NULL);
return rtrequest_fib(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt),
rt->rt_flags, NULL, rt->rt_fibnum);
}
return 0;
}
@ -1099,15 +1284,15 @@ rt_fixchange(struct radix_node *rn, void *vp)
* changed/added under the node's mask. So, get rid of it.
*/
delete_rt:
return rtrequest(RTM_DELETE, rt_key(rt), NULL,
rt_mask(rt), rt->rt_flags, NULL);
return rtrequest_fib(RTM_DELETE, rt_key(rt), NULL,
rt_mask(rt), rt->rt_flags, NULL, rt->rt_fibnum);
}
int
rt_setgate(struct rtentry *rt, struct sockaddr *dst, struct sockaddr *gate)
{
/* XXX dst may be overwritten, can we move this to below */
struct radix_node_head *rnh = rt_tables[dst->sa_family];
struct radix_node_head *rnh = rt_tables[rt->rt_fibnum][dst->sa_family];
int dlen = SA_SIZE(dst), glen = SA_SIZE(gate);
again:
@ -1138,7 +1323,7 @@ again:
struct rtentry *gwrt;
RT_UNLOCK(rt); /* XXX workaround LOR */
gwrt = rtalloc1(gate, 1, 0);
gwrt = rtalloc1_fib(gate, 1, 0, rt->rt_fibnum);
if (gwrt == rt) {
RT_REMREF(rt);
return (EADDRINUSE); /* failure */
@ -1243,15 +1428,19 @@ rt_maskedcopy(struct sockaddr *src, struct sockaddr *dst, struct sockaddr *netma
* Set up a routing table entry, normally
* for an interface.
*/
int
rtinit(struct ifaddr *ifa, int cmd, int flags)
#define _SOCKADDR_TMPSIZE 128 /* Not too big.. kernel stack size is limited */
static inline int
rtinit1(struct ifaddr *ifa, int cmd, int flags, int fibnum)
{
struct sockaddr *dst;
struct sockaddr *netmask;
struct mbuf *m = NULL;
struct rtentry *rt = NULL;
struct rt_addrinfo info;
int error=0;
int error = 0;
int startfib, endfib;
char tempbuf[_SOCKADDR_TMPSIZE];
int didwork = 0;
int a_failure = 0;
if (flags & RTF_HOST) {
dst = ifa->ifa_dstaddr;
@ -1260,126 +1449,190 @@ rtinit(struct ifaddr *ifa, int cmd, int flags)
dst = ifa->ifa_addr;
netmask = ifa->ifa_netmask;
}
if ( dst->sa_family != AF_INET)
fibnum = 0;
if (fibnum == -1) {
startfib = 0;
endfib = rt_numfibs - 1;
} else {
KASSERT((fibnum < rt_numfibs), ("rtinit1: bad fibnum"));
startfib = fibnum;
endfib = fibnum;
}
if (dst->sa_len == 0)
return(EINVAL);
/*
* If it's a delete, check that if it exists, it's on the correct
* interface or we might scrub a route to another ifa which would
* If it's a delete, check that if it exists,
* it's on the correct interface or we might scrub
* a route to another ifa which would
* be confusing at best and possibly worse.
*/
if (cmd == RTM_DELETE) {
struct sockaddr *deldst;
struct radix_node_head *rnh;
struct radix_node *rn;
/*
* It's a delete, so it should already exist..
* If it's a net, mask off the host bits
* (Assuming we have a mask)
* XXX this is kinda inet specific..
*/
if (netmask != NULL) {
m = m_get(M_DONTWAIT, MT_SONAME);
if (m == NULL)
return(ENOBUFS);
deldst = mtod(m, struct sockaddr *);
rt_maskedcopy(dst, deldst, netmask);
dst = deldst;
}
/*
* Look up an rtentry that is in the routing tree and
* contains the correct info.
*/
if ((rnh = rt_tables[dst->sa_family]) == NULL)
goto bad;
RADIX_NODE_HEAD_LOCK(rnh);
#ifdef RADIX_MPATH
if (rn_mpath_capable(rnh)) {
rn = rnh->rnh_matchaddr(dst, rnh);
if (rn == NULL)
error = ESRCH;
else {
rt = RNTORT(rn);
/*
* for interface route the rt->rt_gateway is
* sockaddr_intf for cloning ARP entries, so
* rt_mpath_matchgate must use the interface
* address
*/
rt = rt_mpath_matchgate(rt, ifa->ifa_addr);
if (!rt)
error = ESRCH;
}
}
else
#endif
error = ((rn = rnh->rnh_lookup(dst, netmask, rnh)) == NULL ||
(rn->rn_flags & RNF_ROOT) ||
RNTORT(rn)->rt_ifa != ifa ||
!sa_equal((struct sockaddr *)rn->rn_key, dst));
RADIX_NODE_HEAD_UNLOCK(rnh);
if (error) {
bad:
if (m)
(void) m_free(m);
return (flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
rt_maskedcopy(dst, (struct sockaddr *)tempbuf, netmask);
dst = (struct sockaddr *)tempbuf;
}
}
/*
* Do the actual request
* Now go through all the requested tables (fibs) and do the
* requested action. Realistically, this will either be fib 0
* for protocols that don't do multiple tables or all the
* tables for those that do. XXX For this version only AF_INET.
* When that changes code should be refactored to protocol
* independent parts and protocol dependent parts.
*/
bzero((caddr_t)&info, sizeof(info));
info.rti_ifa = ifa;
info.rti_flags = flags | ifa->ifa_flags;
info.rti_info[RTAX_DST] = dst;
info.rti_info[RTAX_GATEWAY] = ifa->ifa_addr;
info.rti_info[RTAX_NETMASK] = netmask;
error = rtrequest1(cmd, &info, &rt);
if (error == 0 && rt != NULL) {
/*
* notify any listening routing agents of the change
*/
RT_LOCK(rt);
#ifdef RADIX_MPATH
/*
* in case address alias finds the first address
* e.g. ifconfig bge0 192.103.54.246/24
* e.g. ifconfig bge0 192.103.54.247/24
* the address set in the route is 192.103.54.246
* so we need to replace it with 192.103.54.247
*/
if (memcmp(rt->rt_ifa->ifa_addr, ifa->ifa_addr, ifa->ifa_addr->sa_len)) {
IFAFREE(rt->rt_ifa);
IFAREF(ifa);
rt->rt_ifp = ifa->ifa_ifp;
rt->rt_ifa = ifa;
}
#endif
rt_newaddrmsg(cmd, ifa, error, rt);
for ( fibnum = startfib; fibnum <= endfib; fibnum++) {
if (cmd == RTM_DELETE) {
struct radix_node_head *rnh;
struct radix_node *rn;
/*
* If we are deleting, and we found an entry, then
* it's been removed from the tree.. now throw it away.
* Look up an rtentry that is in the routing tree and
* contains the correct info.
*/
RTFREE_LOCKED(rt);
} else {
if (cmd == RTM_ADD) {
/*
* We just wanted to add it.. we don't actually
* need a reference.
*/
RT_REMREF(rt);
if ((rnh = rt_tables[fibnum][dst->sa_family]) == NULL)
/* this table doesn't exist but others might */
continue;
RADIX_NODE_HEAD_LOCK(rnh);
#ifdef RADIX_MPATH
if (rn_mpath_capable(rnh)) {
rn = rnh->rnh_matchaddr(dst, rnh);
if (rn == NULL)
error = ESRCH;
else {
rt = RNTORT(rn);
/*
* for interface route the
* rt->rt_gateway is sockaddr_intf
* for cloning ARP entries, so
* rt_mpath_matchgate must use the
* interface address
*/
rt = rt_mpath_matchgate(rt,
ifa->ifa_addr);
if (!rt)
error = ESRCH;
}
}
RT_UNLOCK(rt);
else
#endif
rn = rnh->rnh_lookup(dst, netmask, rnh);
error = (rn == NULL ||
(rn->rn_flags & RNF_ROOT) ||
RNTORT(rn)->rt_ifa != ifa ||
!sa_equal((struct sockaddr *)rn->rn_key, dst));
RADIX_NODE_HEAD_UNLOCK(rnh);
if (error) {
/* this is only an error if bad on ALL tables */
continue;
}
}
/*
* Do the actual request
*/
bzero((caddr_t)&info, sizeof(info));
info.rti_ifa = ifa;
info.rti_flags = flags | ifa->ifa_flags;
info.rti_info[RTAX_DST] = dst;
info.rti_info[RTAX_GATEWAY] = ifa->ifa_addr;
info.rti_info[RTAX_NETMASK] = netmask;
error = rtrequest1_fib(cmd, &info, &rt, fibnum);
if (error == 0 && rt != NULL) {
/*
* notify any listening routing agents of the change
*/
RT_LOCK(rt);
#ifdef RADIX_MPATH
/*
* in case address alias finds the first address
* e.g. ifconfig bge0 192.103.54.246/24
* e.g. ifconfig bge0 192.103.54.247/24
* the address set in the route is 192.103.54.246
* so we need to replace it with 192.103.54.247
*/
if (memcmp(rt->rt_ifa->ifa_addr,
ifa->ifa_addr, ifa->ifa_addr->sa_len)) {
IFAFREE(rt->rt_ifa);
IFAREF(ifa);
rt->rt_ifp = ifa->ifa_ifp;
rt->rt_ifa = ifa;
}
#endif
rt_newaddrmsg(cmd, ifa, error, rt);
if (cmd == RTM_DELETE) {
/*
* If we are deleting, and we found an entry,
* then it's been removed from the tree..
* now throw it away.
*/
RTFREE_LOCKED(rt);
} else {
if (cmd == RTM_ADD) {
/*
* We just wanted to add it..
* we don't actually need a reference.
*/
RT_REMREF(rt);
}
RT_UNLOCK(rt);
}
didwork = 1;
}
if (error)
a_failure = error;
}
if (cmd == RTM_DELETE) {
if (didwork) {
error = 0;
} else {
/* we only give an error if it wasn't in any table */
error = ((flags & RTF_HOST) ?
EHOSTUNREACH : ENETUNREACH);
}
} else {
if (a_failure) {
/* return an error if any of them failed */
error = a_failure;
}
}
if (m)
(void) m_free(m);
return (error);
}
/* special one for inet internal use. may not use. */
int
rtinit_fib(struct ifaddr *ifa, int cmd, int flags)
{
return (rtinit1(ifa, cmd, flags, -1));
}
/*
* Set up a routing table entry, normally
* for an interface.
*/
int
rtinit(struct ifaddr *ifa, int cmd, int flags)
{
struct sockaddr *dst;
int fib = 0;
if (flags & RTF_HOST) {
dst = ifa->ifa_dstaddr;
} else {
dst = ifa->ifa_addr;
}
if (dst->sa_family == AF_INET)
fib = -1;
return (rtinit1(ifa, cmd, flags, fib));
}
/*
* rt_check() is invoked on each layer 2 output path, prior to
* encapsulating outbound packets.
@ -1399,6 +1652,7 @@ bad:
* final destination if directly reachable);
* *lrt0 points to the cached route to the final destination;
* *lrt is not meaningful;
* fibnum is the index to the correct network fib for this packet
*
* === Operation ===
* If the route is marked down try to find a new route. If the route
@ -1414,6 +1668,13 @@ bad:
*/
int
rt_check(struct rtentry **lrt, struct rtentry **lrt0, struct sockaddr *dst)
{
return (rt_check_fib(lrt, lrt0, dst, 0));
}
int
rt_check_fib(struct rtentry **lrt, struct rtentry **lrt0, struct sockaddr *dst,
u_int fibnum)
{
struct rtentry *rt;
struct rtentry *rt0;
@ -1426,7 +1687,7 @@ rt_check(struct rtentry **lrt, struct rtentry **lrt0, struct sockaddr *dst)
RT_LOCK(rt);
if ((rt->rt_flags & RTF_UP) == 0) {
RT_UNLOCK(rt);
rt = rtalloc1(dst, 1, 0UL);
rt = rtalloc1_fib(dst, 1, 0UL, fibnum);
if (rt != NULL) {
RT_REMREF(rt);
/* XXX what about if change? */
@ -1446,7 +1707,8 @@ rt_check(struct rtentry **lrt, struct rtentry **lrt0, struct sockaddr *dst)
rt0->rt_gwroute = NULL;
lookup:
RT_UNLOCK(rt0);
rt = rtalloc1(rt->rt_gateway, 1, 0UL);
/* XXX MRT link level looked up in table 0 */
rt = rtalloc1_fib(rt->rt_gateway, 1, 0UL, 0);
if (rt == rt0) {
RT_REMREF(rt0);
RT_UNLOCK(rt0);

35
sys/net/route.h
View File

@ -82,6 +82,10 @@ struct rt_metrics {
#define RTM_RTTUNIT 1000000 /* units for rtt, rttvar, as units per sec */
#define RTTTOPRHZ(r) ((r) / (RTM_RTTUNIT / PR_SLOWHZ))
#define RT_MAXFIBS 16
extern u_int rt_numfibs; /* number fo usable routing tables */
extern u_int tunnel_fib; /* tunnels use these */
extern u_int fwd_fib; /* packets being forwarded use these routes */
/*
* XXX kernel function pointer `rt_output' is visible to applications.
*/
@ -120,6 +124,7 @@ struct rtentry {
caddr_t rt_llinfo; /* pointer to link level info cache */
struct rtentry *rt_gwroute; /* implied entry for gatewayed routes */
struct rtentry *rt_parent; /* cloning parent of this route */
u_int rt_fibnum; /* which FIB */
#ifdef _KERNEL
/* XXX ugly, user apps use this definition but don't have a mtx def */
struct mtx rt_mtx; /* mutex for routing entry */
@ -325,11 +330,10 @@ struct rt_addrinfo {
RTFREE_LOCKED(_rt); \
} while (0)
extern struct radix_node_head *rt_tables[AF_MAX+1];
extern struct radix_node_head *rt_tables[RT_MAXFIBS][AF_MAX+1];
struct ifmultiaddr;
int rt_getifa(struct rt_addrinfo *);
void rt_ieee80211msg(struct ifnet *, int, void *, size_t);
void rt_ifannouncemsg(struct ifnet *, int);
void rt_ifmsg(struct ifnet *);
@ -350,11 +354,15 @@ int rt_setgate(struct rtentry *, struct sockaddr *, struct sockaddr *);
* RTFREE() uses an unlocked entry.
*/
int rtexpunge(struct rtentry *);
void rtfree(struct rtentry *);
/* XXX MRT COMPAT VERSIONS THAT SET UNIVERSE to 0 */
/* Thes are used by old code not yet converted to use multiple FIBS */
int rt_getifa(struct rt_addrinfo *);
void rtalloc_ign(struct route *ro, u_long ignflags);
void rtalloc(struct route *ro); /* XXX deprecated, use rtalloc_ign(ro, 0) */
struct rtentry *rtalloc1(struct sockaddr *, int, u_long);
int rtexpunge(struct rtentry *);
void rtfree(struct rtentry *);
int rtinit(struct ifaddr *, int, int);
int rtioctl(u_long, caddr_t);
void rtredirect(struct sockaddr *, struct sockaddr *,
@ -364,6 +372,25 @@ int rtrequest(int, struct sockaddr *,
int rtrequest1(int, struct rt_addrinfo *, struct rtentry **);
int rt_check(struct rtentry **, struct rtentry **, struct sockaddr *);
/* defaults to "all" FIBs */
int rtinit_fib(struct ifaddr *, int, int);
/* XXX MRT NEW VERSIONS THAT USE FIBs
* For now the protocol indepedent versions are the same as the AF_INET ones
* but this will change..
*/
int rt_getifa_fib(struct rt_addrinfo *, u_int fibnum);
void rtalloc_ign_fib(struct route *ro, u_long ignflags, u_int fibnum);
void rtalloc_fib(struct route *ro, u_int fibnum);
struct rtentry *rtalloc1_fib(struct sockaddr *, int, u_long, u_int);
int rtioctl_fib(u_long, caddr_t, u_int);
void rtredirect_fib(struct sockaddr *, struct sockaddr *,
struct sockaddr *, int, struct sockaddr *, u_int);
int rtrequest_fib(int, struct sockaddr *,
struct sockaddr *, struct sockaddr *, int, struct rtentry **, u_int);
int rtrequest1_fib(int, struct rt_addrinfo *, struct rtentry **, u_int);
int rt_check_fib(struct rtentry **, struct rtentry **, struct sockaddr *, u_int);
#include <sys/eventhandler.h>
typedef void (*rtevent_arp_update_fn)(void *, struct rtentry *, uint8_t *, struct sockaddr *);
typedef void (*rtevent_redirect_fn)(void *, struct rtentry *, struct rtentry *, struct sockaddr *);

14
sys/net/rtsock.c
View File

@ -182,6 +182,7 @@ rts_attach(struct socket *so, int proto, struct thread *td)
*/
s = splnet();
so->so_pcb = (caddr_t)rp;
so->so_fibnum = td->td_proc->p_fibnum;
error = raw_attach(so, proto);
rp = sotorawcb(so);
if (error) {
@ -387,7 +388,8 @@ route_output(struct mbuf *m, struct socket *so)
if (info.rti_info[RTAX_GATEWAY] == NULL)
senderr(EINVAL);
saved_nrt = NULL;
error = rtrequest1(RTM_ADD, &info, &saved_nrt);
error = rtrequest1_fib(RTM_ADD, &info, &saved_nrt,
so->so_fibnum);
if (error == 0 && saved_nrt) {
RT_LOCK(saved_nrt);
rt_setmetrics(rtm->rtm_inits,
@ -401,7 +403,8 @@ route_output(struct mbuf *m, struct socket *so)
case RTM_DELETE:
saved_nrt = NULL;
error = rtrequest1(RTM_DELETE, &info, &saved_nrt);
error = rtrequest1_fib(RTM_DELETE, &info, &saved_nrt,
so->so_fibnum);
if (error == 0) {
RT_LOCK(saved_nrt);
rt = saved_nrt;
@ -412,7 +415,7 @@ route_output(struct mbuf *m, struct socket *so)
case RTM_GET:
case RTM_CHANGE:
case RTM_LOCK:
rnh = rt_tables[info.rti_info[RTAX_DST]->sa_family];
rnh = rt_tables[so->so_fibnum][info.rti_info[RTAX_DST]->sa_family];
if (rnh == NULL)
senderr(EAFNOSUPPORT);
RADIX_NODE_HEAD_LOCK(rnh);
@ -530,7 +533,8 @@ route_output(struct mbuf *m, struct socket *so)
!sa_equal(info.rti_info[RTAX_IFA],
rt->rt_ifa->ifa_addr))) {
RT_UNLOCK(rt);
if ((error = rt_getifa(&info)) != 0)
if ((error = rt_getifa_fib(&info,
rt->rt_fibnum)) != 0)
senderr(error);
RT_LOCK(rt);
}
@ -1278,7 +1282,7 @@ sysctl_rtsock(SYSCTL_HANDLER_ARGS)
} else /* dump only one table */
i = lim = af;
for (error = 0; error == 0 && i <= lim; i++)
if ((rnh = rt_tables[i]) != NULL) {
if ((rnh = rt_tables[curthread->td_proc->p_fibnum][i]) != NULL) {
RADIX_NODE_HEAD_LOCK(rnh);
error = rnh->rnh_walktree(rnh,
sysctl_dumpentry, &w);

1
sys/netatalk/at_extern.h
View File

@ -55,6 +55,7 @@ u_short at_cksum(struct mbuf *m, int skip);
int at_control(struct socket *so, u_long cmd, caddr_t data,
struct ifnet *ifp, struct thread *td);
struct at_ifaddr *at_ifawithnet(struct sockaddr_at *);
int at_inithead(void**, int);
void ddp_init(void);
int ddp_output(struct mbuf *m, struct socket *so);
int ddp_route(struct mbuf *m, struct route *ro);

2
sys/netatalk/at_proto.c
View File

@ -56,7 +56,7 @@ static struct domain atalkdomain = {
.dom_name = "appletalk",
.dom_protosw = atalksw,
.dom_protoswNPROTOSW = &atalksw[sizeof(atalksw)/sizeof(atalksw[0])],
.dom_rtattach = rn_inithead,
.dom_rtattach = at_inithead,
.dom_rtoffset = offsetof(struct sockaddr_at, sat_addr) << 3,
.dom_maxrtkey = sizeof(struct sockaddr_at),
};

6
sys/netgraph/netflow/netflow.c
View File

@ -269,7 +269,8 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
sin.sin_len = sizeof(struct sockaddr_in);
sin.sin_family = AF_INET;
sin.sin_addr = fle->f.r.r_dst;
rt = rtalloc1((struct sockaddr *)&sin, 0, RTF_CLONING);
/* XXX MRT 0 as a default.. need the m here to get fib */
rt = rtalloc1_fib((struct sockaddr *)&sin, 0, RTF_CLONING, 0);
if (rt != NULL) {
fle->f.fle_o_ifx = rt->rt_ifp->if_index;
@ -293,7 +294,8 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
sin.sin_len = sizeof(struct sockaddr_in);
sin.sin_family = AF_INET;
sin.sin_addr = fle->f.r.r_src;
rt = rtalloc1((struct sockaddr *)&sin, 0, RTF_CLONING);
/* XXX MRT 0 as a default revisit. need the mbuf for fib*/
rt = rtalloc1_fib((struct sockaddr *)&sin, 0, RTF_CLONING, 0);
if (rt != NULL) {
if (rt_mask(rt))
fle->f.src_mask = bitcount32(((struct sockaddr_in *)

2
sys/netinet/if_atm.c
View File

@ -327,7 +327,7 @@ atmresolve(struct rtentry *rt, struct mbuf *m, struct sockaddr *dst,
}
if (rt == NULL) {
rt = RTALLOC1(dst, 0);
rt = RTALLOC1(dst, 0); /* link level on table 0 XXX MRT */
if (rt == NULL)
goto bad; /* failed */
RT_REMREF(rt); /* don't keep LL references */

297
sys/netinet/if_ether.c
View File

@ -116,7 +116,7 @@ static void arprequest(struct ifnet *,
static void arpintr(struct mbuf *);
static void arptimer(void *);
static struct rtentry
*arplookup(u_long, int, int);
*arplookup(u_long, int, int, int);
#ifdef INET
static void in_arpinput(struct mbuf *);
#endif
@ -138,7 +138,8 @@ arptimer(void *arg)
*/
RT_UNLOCK(rt);
rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL);
in_rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL,
rt->rt_fibnum);
}
/*
@ -362,6 +363,7 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
struct rtentry *rt = NULL;
struct sockaddr_dl *sdl;
int error;
int fibnum = 0;
if (m) {
if (m->m_flags & M_BCAST) {
@ -375,10 +377,14 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten);
return (0);
}
fibnum = M_GETFIB(m);
}
if (rt0 != NULL) {
error = rt_check(&rt, &rt0, dst);
/* Look for a cached arp (ll) entry. */
if (m == NULL)
fibnum = rt0->rt_fibnum;
error = in_rt_check(&rt, &rt0, dst, fibnum);
if (error) {
m_freem(m);
return error;
@ -389,10 +395,14 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
}
if (la == NULL) {
/*
* We enter this block in case if rt0 was NULL,
* or if rt found by rt_check() didn't have llinfo.
* We enter this block if rt0 was NULL,
* or if rt found by in_rt_check() didn't have llinfo.
* we should get a cloned route, which since it should
* come from the local interface should have a ll entry.
* if may be incoplete but that's ok.
* XXXMRT if we haven't found a fibnum is that OK?
*/
rt = arplookup(SIN(dst)->sin_addr.s_addr, 1, 0);
rt = arplookup(SIN(dst)->sin_addr.s_addr, 1, 0, fibnum);
if (rt == NULL) {
log(LOG_DEBUG,
"arpresolve: can't allocate route for %s\n",
@ -582,6 +592,9 @@ in_arpinput(struct mbuf *m)
int op, rif_len;
int req_len;
int bridged = 0;
u_int fibnum;
u_int goodfib = 0;
int firstpass = 1;
#ifdef DEV_CARP
int carp_match = 0;
#endif
@ -674,133 +687,181 @@ match:
}
if (ifp->if_flags & IFF_STATICARP)
goto reply;
rt = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
if (rt != NULL) {
sin.sin_addr.s_addr = isaddr.s_addr;
EVENTHANDLER_INVOKE(route_arp_update_event, rt,
ar_sha(ah), (struct sockaddr *)&sin);
/*
* We look for any FIBs that has this address to find
* the interface etc.
* For sanity checks that are FIB independent we abort the loop.
*/
for (fibnum = 0; fibnum < rt_numfibs; fibnum++) {
rt = arplookup(isaddr.s_addr,
itaddr.s_addr == myaddr.s_addr, 0, fibnum);
if (rt == NULL)
continue;
sdl = SDL(rt->rt_gateway);
/* Only call this once */
if (firstpass) {
sin.sin_addr.s_addr = isaddr.s_addr;
EVENTHANDLER_INVOKE(route_arp_update_event, rt,
ar_sha(ah), (struct sockaddr *)&sin);
}
la = (struct llinfo_arp *)rt->rt_llinfo;
if (la == NULL) {
RT_UNLOCK(rt);
goto reply;
continue;
}
} else
goto reply;
/* The following is not an error when doing bridging. */
if (!bridged && rt->rt_ifp != ifp
if (firstpass) {
/* The following is not an error when doing bridging. */
if (!bridged && rt->rt_ifp != ifp
#ifdef DEV_CARP
&& (ifp->if_type != IFT_CARP || !carp_match)
&& (ifp->if_type != IFT_CARP || !carp_match)
#endif
) {
if (log_arp_wrong_iface)
log(LOG_ERR, "arp: %s is on %s but got reply from %*D on %s\n",
inet_ntoa(isaddr),
rt->rt_ifp->if_xname,
ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
ifp->if_xname);
RT_UNLOCK(rt);
goto reply;
}
sdl = SDL(rt->rt_gateway);
if (sdl->sdl_alen &&
bcmp(ar_sha(ah), LLADDR(sdl), sdl->sdl_alen)) {
if (rt->rt_expire) {
if (log_arp_movements)
log(LOG_INFO, "arp: %s moved from %*D to %*D on %s\n",
inet_ntoa(isaddr),
ifp->if_addrlen, (u_char *)LLADDR(sdl), ":",
ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
ifp->if_xname);
} else {
RT_UNLOCK(rt);
if (log_arp_permanent_modify)
log(LOG_ERR, "arp: %*D attempts to modify "
"permanent entry for %s on %s\n",
ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
inet_ntoa(isaddr), ifp->if_xname);
goto reply;
}
}
/*
* sanity check for the address length.
* XXX this does not work for protocols with variable address
* length. -is
*/
if (sdl->sdl_alen &&
sdl->sdl_alen != ah->ar_hln) {
log(LOG_WARNING,
"arp from %*D: new addr len %d, was %d",
ifp->if_addrlen, (u_char *) ar_sha(ah), ":",
ah->ar_hln, sdl->sdl_alen);
}
if (ifp->if_addrlen != ah->ar_hln) {
log(LOG_WARNING,
"arp from %*D: addr len: new %d, i/f %d (ignored)",
ifp->if_addrlen, (u_char *) ar_sha(ah), ":",
ah->ar_hln, ifp->if_addrlen);
RT_UNLOCK(rt);
goto reply;
}
(void)memcpy(LLADDR(sdl), ar_sha(ah),
sdl->sdl_alen = ah->ar_hln);
/*
* If we receive an arp from a token-ring station over
* a token-ring nic then try to save the source
* routing info.
*/
if (ifp->if_type == IFT_ISO88025) {
struct iso88025_header *th = NULL;
struct iso88025_sockaddr_dl_data *trld;
th = (struct iso88025_header *)m->m_pkthdr.header;
trld = SDL_ISO88025(sdl);
rif_len = TR_RCF_RIFLEN(th->rcf);
if ((th->iso88025_shost[0] & TR_RII) &&
(rif_len > 2)) {
trld->trld_rcf = th->rcf;
trld->trld_rcf ^= htons(TR_RCF_DIR);
memcpy(trld->trld_route, th->rd, rif_len - 2);
trld->trld_rcf &= ~htons(TR_RCF_BCST_MASK);
) {
if (log_arp_wrong_iface)
log(LOG_ERR, "arp: %s is on %s "
"but got reply from %*D "
"on %s\n",
inet_ntoa(isaddr),
rt->rt_ifp->if_xname,
ifp->if_addrlen,
(u_char *)ar_sha(ah), ":",
ifp->if_xname);
RT_UNLOCK(rt);
break;
}
if (sdl->sdl_alen &&
bcmp(ar_sha(ah), LLADDR(sdl), sdl->sdl_alen)) {
if (rt->rt_expire) {
if (log_arp_movements)
log(LOG_INFO,
"arp: %s moved from %*D to %*D "
"on %s\n",
inet_ntoa(isaddr),
ifp->if_addrlen,
(u_char *)LLADDR(sdl), ":",
ifp->if_addrlen,
(u_char *)ar_sha(ah), ":",
ifp->if_xname);
} else {
RT_UNLOCK(rt);
if (log_arp_permanent_modify)
log(LOG_ERR,
"arp: %*D attempts to "
"modify permanent entry "
"for %s on %s\n",
ifp->if_addrlen,
(u_char *)ar_sha(ah), ":",
inet_ntoa(isaddr),
ifp->if_xname);
break;
}
}
/*
* Set up source routing information for
* reply packet (XXX)
* sanity check for the address length.
* XXX this does not work for protocols
* with variable address length. -is
*/
m->m_data -= rif_len;
m->m_len += rif_len;
m->m_pkthdr.len += rif_len;
} else {
th->iso88025_shost[0] &= ~TR_RII;
trld->trld_rcf = 0;
if (sdl->sdl_alen &&
sdl->sdl_alen != ah->ar_hln) {
log(LOG_WARNING,
"arp from %*D: new addr len %d, was %d",
ifp->if_addrlen, (u_char *) ar_sha(ah),
":", ah->ar_hln, sdl->sdl_alen);
}
if (ifp->if_addrlen != ah->ar_hln) {
log(LOG_WARNING,
"arp from %*D: addr len: "
"new %d, i/f %d (ignored)",
ifp->if_addrlen, (u_char *) ar_sha(ah),
":", ah->ar_hln, ifp->if_addrlen);
RT_UNLOCK(rt);
break;
}
firstpass = 0;
goodfib = fibnum;
}
m->m_data -= 8;
m->m_len += 8;
m->m_pkthdr.len += 8;
th->rcf = trld->trld_rcf;
}
if (rt->rt_expire) {
rt->rt_expire = time_uptime + arpt_keep;
callout_reset(&la->la_timer, hz * arpt_keep, arptimer, rt);
}
la->la_asked = 0;
la->la_preempt = arp_maxtries;
hold = la->la_hold;
la->la_hold = NULL;
RT_UNLOCK(rt);
if (hold != NULL)
(*ifp->if_output)(ifp, hold, rt_key(rt), rt);
/* Copy in the information received. */
(void)memcpy(LLADDR(sdl), ar_sha(ah),
sdl->sdl_alen = ah->ar_hln);
/*
* If we receive an arp from a token-ring station over
* a token-ring nic then try to save the source routing info.
* XXXMRT Only minimal Token Ring support for MRT.
* Only do this on the first pass as if modifies the mbuf.
*/
if (ifp->if_type == IFT_ISO88025) {
struct iso88025_header *th = NULL;
struct iso88025_sockaddr_dl_data *trld;
/* force the fib loop to end after this pass */
fibnum = rt_numfibs - 1;
th = (struct iso88025_header *)m->m_pkthdr.header;
trld = SDL_ISO88025(sdl);
rif_len = TR_RCF_RIFLEN(th->rcf);
if ((th->iso88025_shost[0] & TR_RII) &&
(rif_len > 2)) {
trld->trld_rcf = th->rcf;
trld->trld_rcf ^= htons(TR_RCF_DIR);
memcpy(trld->trld_route, th->rd, rif_len - 2);
trld->trld_rcf &= ~htons(TR_RCF_BCST_MASK);
/*
* Set up source routing information for
* reply packet (XXX)
*/
m->m_data -= rif_len;
m->m_len += rif_len;
m->m_pkthdr.len += rif_len;
} else {
th->iso88025_shost[0] &= ~TR_RII;
trld->trld_rcf = 0;
}
m->m_data -= 8;
m->m_len += 8;
m->m_pkthdr.len += 8;
th->rcf = trld->trld_rcf;
}
if (rt->rt_expire) {
rt->rt_expire = time_uptime + arpt_keep;
callout_reset(&la->la_timer, hz * arpt_keep,
arptimer, rt);
}
la->la_asked = 0;
la->la_preempt = arp_maxtries;
hold = la->la_hold;
la->la_hold = NULL;
RT_UNLOCK(rt);
if (hold != NULL)
(*ifp->if_output)(ifp, hold, rt_key(rt), rt);
} /* end of FIB loop */
reply:
/*
* Decide if we have to respond to something.
*/
if (op != ARPOP_REQUEST)
goto drop;
if (itaddr.s_addr == myaddr.s_addr) {
/* I am the target */
/* Shortcut.. the receiving interface is the target. */
(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
(void)memcpy(ar_sha(ah), enaddr, ah->ar_hln);
} else {
rt = arplookup(itaddr.s_addr, 0, SIN_PROXY);
/* It's not asking for our address. But it still may
* be something we should answer.
*
* XXX MRT
* We assume that link level info is independent of
* the table used and so we use whichever we can and don't
* have a better option.
*/
/* Have we been asked to proxy for the target. */
rt = arplookup(itaddr.s_addr, 0, SIN_PROXY, goodfib);
if (rt == NULL) {
/* Nope, only intersted now if proxying everything. */
struct sockaddr_in sin;
if (!arp_proxyall)
@ -811,7 +872,8 @@ reply:
sin.sin_len = sizeof sin;
sin.sin_addr = itaddr;
rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
/* XXX MRT use table 0 for arp reply */
rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0);
if (!rt)
goto drop;
/*
@ -835,7 +897,8 @@ reply:
*/
sin.sin_addr = isaddr;
rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
/* XXX MRT use table 0 for arp checks */
rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0);
if (!rt)
goto drop;
if (rt->rt_ifp != ifp) {
@ -905,7 +968,7 @@ drop:
* Lookup or enter a new address in arptab.
*/
static struct rtentry *
arplookup(u_long addr, int create, int proxy)
arplookup(u_long addr, int create, int proxy, int fibnum)
{
struct rtentry *rt;
struct sockaddr_inarp sin;
@ -917,7 +980,7 @@ arplookup(u_long addr, int create, int proxy)
sin.sin_addr.s_addr = addr;
if (proxy)
sin.sin_other = SIN_PROXY;
rt = rtalloc1((struct sockaddr *)&sin, create, 0UL);
rt = in_rtalloc1((struct sockaddr *)&sin, create, 0UL, fibnum);
if (rt == 0)
return (0);

8
sys/netinet/in_gif.c
View File

@ -191,6 +191,8 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
}
bcopy(&iphdr, mtod(m, struct ip *), sizeof(struct ip));
M_SETFIB(m, sc->gif_fibnum);
if (dst->sin_family != sin_dst->sin_family ||
dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr) {
/* cache route doesn't match */
@ -208,7 +210,7 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
}
if (sc->gif_ro.ro_rt == NULL) {
rtalloc_ign(&sc->gif_ro, 0);
in_rtalloc_ign(&sc->gif_ro, 0, sc->gif_fibnum);
if (sc->gif_ro.ro_rt == NULL) {
m_freem(m);
return ENETUNREACH;
@ -368,7 +370,9 @@ gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp)
sin.sin_family = AF_INET;
sin.sin_len = sizeof(struct sockaddr_in);
sin.sin_addr = ip->ip_src;
rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
/* XXX MRT check for the interface we would use on output */
rt = in_rtalloc1((struct sockaddr *)&sin, 0,
0UL, sc->gif_fibnum);
if (!rt || rt->rt_ifp != ifp) {
#if 0
log(LOG_WARNING, "%s: packet from 0x%x dropped "

3
sys/netinet/in_mcast.c
View File

@ -1025,7 +1025,8 @@ inp_join_group(struct inpcb *inp, struct sockopt *sopt)
ro.ro_rt = NULL;
*(struct sockaddr_in *)&ro.ro_dst = gsa->sin;
rtalloc_ign(&ro, RTF_CLONING);
in_rtalloc_ign(&ro, RTF_CLONING,
inp->inp_inc.inc_fibnum);
if (ro.ro_rt != NULL) {
ifp = ro.ro_rt->rt_ifp;
KASSERT(ifp != NULL, ("%s: null ifp",

3
sys/netinet/in_pcb.c
View File

@ -186,6 +186,7 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
bzero(inp, inp_zero_size);
inp->inp_pcbinfo = pcbinfo;
inp->inp_socket = so;
inp->inp_inc.inc_fibnum = so->so_fibnum;
#ifdef MAC
error = mac_inpcb_init(inp, M_NOWAIT);
if (error != 0)
@ -605,7 +606,7 @@ in_pcbconnect_setup(struct inpcb *inp, struct sockaddr *nam,
* Find out route to destination
*/
if ((inp->inp_socket->so_options & SO_DONTROUTE) == 0)
ia = ip_rtaddr(faddr);
ia = ip_rtaddr(faddr, inp->inp_inc.inc_fibnum);
/*
* If we found a route, use the address corresponding to
* the outgoing interface.

2
sys/netinet/in_pcb.h
View File

@ -101,7 +101,7 @@ struct in_endpoints {
struct in_conninfo {
u_int8_t inc_flags;
u_int8_t inc_len;
u_int16_t inc_pad; /* XXX alignment for in_endpoints */
u_int16_t inc_fibnum; /* XXX was pad, 16 bits is plenty */
/* protocol dependent part */
struct in_endpoints inc_ie;
};

154
sys/netinet/in_rmx.c
View File

@ -110,7 +110,8 @@ in_addroute(void *v_arg, void *n_arg, struct radix_node_head *head,
* Find out if it is because of an
* ARP entry and delete it if so.
*/
rt2 = rtalloc1((struct sockaddr *)sin, 0, RTF_CLONING);
rt2 = in_rtalloc1((struct sockaddr *)sin, 0,
RTF_CLONING, rt->rt_fibnum);
if (rt2) {
if (rt2->rt_flags & RTF_LLINFO &&
rt2->rt_flags & RTF_HOST &&
@ -225,10 +226,10 @@ in_rtqkill(struct radix_node *rn, void *rock)
if (rt->rt_refcnt > 0)
panic("rtqkill route really not free");
err = rtrequest(RTM_DELETE,
err = in_rtrequest(RTM_DELETE,
(struct sockaddr *)rt_key(rt),
rt->rt_gateway, rt_mask(rt),
rt->rt_flags, 0);
rt->rt_flags, 0, rt->rt_fibnum);
if (err) {
log(LOG_WARNING, "in_rtqkill: error %d\n", err);
} else {
@ -253,12 +254,31 @@ in_rtqkill(struct radix_node *rn, void *rock)
static int rtq_timeout = RTQ_TIMEOUT;
static struct callout rtq_timer;
static void in_rtqtimo_one(void *rock);
static void
in_rtqtimo(void *rock)
{
int fibnum;
void *newrock;
struct timeval atv;
KASSERT((rock == (void *)rt_tables[0][AF_INET]),
("in_rtqtimo: unexpected arg"));
for (fibnum = 0; fibnum < rt_numfibs; fibnum++) {
if ((newrock = rt_tables[fibnum][AF_INET]) != NULL)
in_rtqtimo_one(newrock);
}
atv.tv_usec = 0;
atv.tv_sec = rtq_timeout;
callout_reset(&rtq_timer, tvtohz(&atv), in_rtqtimo, rock);
}
static void
in_rtqtimo_one(void *rock)
{
struct radix_node_head *rnh = rock;
struct rtqk_arg arg;
struct timeval atv;
static time_t last_adjusted_timeout = 0;
arg.found = arg.killed = 0;
@ -297,27 +317,29 @@ in_rtqtimo(void *rock)
RADIX_NODE_HEAD_UNLOCK(rnh);
}
atv.tv_usec = 0;
atv.tv_sec = arg.nextstop - time_uptime;
callout_reset(&rtq_timer, tvtohz(&atv), in_rtqtimo, rock);
}
void
in_rtqdrain(void)
{
struct radix_node_head *rnh = rt_tables[AF_INET];
struct radix_node_head *rnh;
struct rtqk_arg arg;
int fibnum;
arg.found = arg.killed = 0;
arg.rnh = rnh;
arg.nextstop = 0;
arg.draining = 1;
arg.updating = 0;
RADIX_NODE_HEAD_LOCK(rnh);
rnh->rnh_walktree(rnh, in_rtqkill, &arg);
RADIX_NODE_HEAD_UNLOCK(rnh);
for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) {
rnh = rt_tables[fibnum][AF_INET];
arg.found = arg.killed = 0;
arg.rnh = rnh;
arg.nextstop = 0;
arg.draining = 1;
arg.updating = 0;
RADIX_NODE_HEAD_LOCK(rnh);
rnh->rnh_walktree(rnh, in_rtqkill, &arg);
RADIX_NODE_HEAD_UNLOCK(rnh);
}
}
static int _in_rt_was_here;
/*
* Initialize our routing tree.
*/
@ -326,18 +348,29 @@ in_inithead(void **head, int off)
{
struct radix_node_head *rnh;
if (!rn_inithead(head, off))
/* XXX MRT
* This can be called from vfs_export.c too in which case 'off'
* will be 0. We know the correct value so just use that and
* return directly if it was 0.
* This is a hack that replaces an even worse hack on a bad hack
* on a bad design. After RELENG_7 this should be fixed but that
* will change the ABI, so for now do it this way.
*/
if (!rn_inithead(head, 32))
return 0;
if (head != (void **)&rt_tables[AF_INET]) /* BOGUS! */
return 1; /* only do this for the real routing table */
if (off == 0) /* XXX MRT see above */
return 1; /* only do the rest for a real routing table */
rnh = *head;
rnh->rnh_addaddr = in_addroute;
rnh->rnh_matchaddr = in_matroute;
rnh->rnh_close = in_clsroute;
callout_init(&rtq_timer, CALLOUT_MPSAFE);
in_rtqtimo(rnh); /* kick off timeout first time */
if (_in_rt_was_here == 0 ) {
callout_init(&rtq_timer, CALLOUT_MPSAFE);
in_rtqtimo(rnh); /* kick off timeout first time */
_in_rt_was_here = 1;
}
return 1;
}
@ -384,16 +417,81 @@ in_ifadown(struct ifaddr *ifa, int delete)
{
struct in_ifadown_arg arg;
struct radix_node_head *rnh;
int fibnum;
if (ifa->ifa_addr->sa_family != AF_INET)
return 1;
rnh = rt_tables[AF_INET];
arg.ifa = ifa;
arg.del = delete;
RADIX_NODE_HEAD_LOCK(rnh);
rnh->rnh_walktree(rnh, in_ifadownkill, &arg);
RADIX_NODE_HEAD_UNLOCK(rnh);
ifa->ifa_flags &= ~IFA_ROUTE; /* XXXlocking? */
for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) {
rnh = rt_tables[fibnum][AF_INET];
arg.ifa = ifa;
arg.del = delete;
RADIX_NODE_HEAD_LOCK(rnh);
rnh->rnh_walktree(rnh, in_ifadownkill, &arg);
RADIX_NODE_HEAD_UNLOCK(rnh);
ifa->ifa_flags &= ~IFA_ROUTE; /* XXXlocking? */
}
return 0;
}
/*
* inet versions of rt functions. These have fib extensions and
* for now will just reference the _fib variants.
* eventually this order will be reversed,
*/
void
in_rtalloc_ign(struct route *ro, u_long ignflags, u_int fibnum)
{
rtalloc_ign_fib(ro, ignflags, fibnum);
}
int
in_rtrequest( int req,
struct sockaddr *dst,
struct sockaddr *gateway,
struct sockaddr *netmask,
int flags,
struct rtentry **ret_nrt,
u_int fibnum)
{
return (rtrequest_fib(req, dst, gateway, netmask,
flags, ret_nrt, fibnum));
}
struct rtentry *
in_rtalloc1(struct sockaddr *dst, int report, u_long ignflags, u_int fibnum)
{
return (rtalloc1_fib(dst, report, ignflags, fibnum));
}
int
in_rt_check(struct rtentry **lrt, struct rtentry **lrt0,
struct sockaddr *dst, u_int fibnum)
{
return (rt_check_fib(lrt, lrt0, dst, fibnum));
}
void
in_rtredirect(struct sockaddr *dst,
struct sockaddr *gateway,
struct sockaddr *netmask,
int flags,
struct sockaddr *src,
u_int fibnum)
{
rtredirect_fib(dst, gateway, netmask, flags, src, fibnum);
}
void
in_rtalloc(struct route *ro, u_int fibnum)
{
rtalloc_ign_fib(ro, 0UL, fibnum);
}
#if 0
int in_rt_getifa(struct rt_addrinfo *, u_int fibnum);
int in_rtioctl(u_long, caddr_t, u_int);
int in_rtrequest1(int, struct rt_addrinfo *, struct rtentry **, u_int);
#endif

16
sys/netinet/in_var.h
View File

@ -287,6 +287,7 @@ do { \
IN_NEXT_MULTI((step), (inm)); \
} while(0)
struct rtentry;
struct route;
struct ip_moptions;
@ -305,6 +306,21 @@ int in_ifadown(struct ifaddr *ifa, int);
void in_ifscrub(struct ifnet *, struct in_ifaddr *);
struct mbuf *ip_fastforward(struct mbuf *);
/* XXX */
void in_rtalloc_ign(struct route *ro, u_long ignflags, u_int fibnum);
void in_rtalloc(struct route *ro, u_int fibnum);
struct rtentry *in_rtalloc1(struct sockaddr *, int, u_long, u_int);
void in_rtredirect(struct sockaddr *, struct sockaddr *,
struct sockaddr *, int, struct sockaddr *, u_int);
int in_rtrequest(int, struct sockaddr *,
struct sockaddr *, struct sockaddr *, int, struct rtentry **, u_int);
int in_rt_check(struct rtentry **, struct rtentry **, struct sockaddr *, u_int);
#if 0
int in_rt_getifa(struct rt_addrinfo *, u_int fibnum);
int in_rtioctl(u_long, caddr_t, u_int);
int in_rtrequest1(int, struct rt_addrinfo *, struct rtentry **, u_int);
#endif
#endif /* _KERNEL */
/* INET6 stuff */

2
sys/netinet/ip_fastfwd.c
View File

@ -123,7 +123,7 @@ ip_findroute(struct route *ro, struct in_addr dest, struct mbuf *m)
dst->sin_family = AF_INET;
dst->sin_len = sizeof(*dst);
dst->sin_addr.s_addr = dest.s_addr;
rtalloc_ign(ro, RTF_CLONING);
in_rtalloc_ign(ro, RTF_CLONING, M_GETFIB(m));
/*
* Route there and interface still up?

4
sys/netinet/ip_fw.h
View File

@ -161,6 +161,9 @@ enum ipfw_opcodes { /* arguments (4 byte each) */
O_TAG, /* arg1=tag number */
O_TAGGED, /* arg1=tag number */
O_SETFIB, /* arg1=FIB number */
O_FIB, /* arg1=FIB desired fib number */
O_LAST_OPCODE /* not an opcode! */
};
@ -465,6 +468,7 @@ struct ipfw_flow_id {
u_int32_t src_ip;
u_int16_t dst_port;
u_int16_t src_port;
u_int8_t fib;
u_int8_t proto;
u_int8_t flags; /* protocol-specific flags */
uint8_t addr_type; /* 4 = ipv4, 6 = ipv6, 1=ether ? */

54
sys/netinet/ip_fw2.c
View File

@ -492,7 +492,7 @@ iface_match(struct ifnet *ifp, ipfw_insn_if *cmd)
* multicast, or broadcast.
*/
static int
verify_path(struct in_addr src, struct ifnet *ifp)
verify_path(struct in_addr src, struct ifnet *ifp, u_int fib)
{
struct route ro;
struct sockaddr_in *dst;
@ -503,7 +503,7 @@ verify_path(struct in_addr src, struct ifnet *ifp)
dst->sin_family = AF_INET;
dst->sin_len = sizeof(*dst);
dst->sin_addr = src;
rtalloc_ign(&ro, RTF_CLONING);
in_rtalloc_ign(&ro, RTF_CLONING, fib);
if (ro.ro_rt == NULL)
return 0;
@ -593,6 +593,7 @@ verify_path6(struct in6_addr *src, struct ifnet *ifp)
dst->sin6_family = AF_INET6;
dst->sin6_len = sizeof(*dst);
dst->sin6_addr = *src;
/* XXX MRT 0 for ipv6 at this time */
rtalloc_ign((struct route *)&ro, RTF_CLONING);
if (ro.ro_rt == NULL)
@ -828,6 +829,10 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args,
snprintf(SNPARGS(action2, 0), "Tee %d",
cmd->arg1);
break;
case O_SETFIB:
snprintf(SNPARGS(action2, 0), "SetFib %d",
cmd->arg1);
break;
case O_SKIPTO:
snprintf(SNPARGS(action2, 0), "SkipTo %d",
cmd->arg1);
@ -1500,6 +1505,7 @@ install_state(struct ip_fw *rule, ipfw_insn_limit *cmd,
id.dst_ip = id.src_ip = id.dst_port = id.src_port = 0;
id.proto = args->f_id.proto;
id.addr_type = args->f_id.addr_type;
id.fib = M_GETFIB(args->m);
if (IS_IP6_FLOW_ID (&(args->f_id))) {
if (limit_mask & DYN_SRC_ADDR)
@ -1601,6 +1607,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
return (NULL);
m->m_pkthdr.rcvif = (struct ifnet *)0;
M_SETFIB(m, id->fib);
#ifdef MAC
if (replyto != NULL)
mac_netinet_firewall_reply(replyto, m);
@ -2200,6 +2207,7 @@ ipfw_chk(struct ip_fw_args *args)
return (IP_FW_PASS); /* accept */
pktlen = m->m_pkthdr.len;
args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */
proto = args->f_id.proto = 0; /* mark f_id invalid */
/* XXX 0 is a valid proto: IP/IPv6 Hop-by-Hop Option */
@ -2911,7 +2919,8 @@ check_body:
verify_path6(&(args->f_id.src_ip6),
m->m_pkthdr.rcvif) :
#endif
verify_path(src_ip, m->m_pkthdr.rcvif)));
verify_path(src_ip, m->m_pkthdr.rcvif,
args->f_id.fib)));
break;
case O_VERSRCREACH:
@ -2922,7 +2931,7 @@ check_body:
verify_path6(&(args->f_id.src_ip6),
NULL) :
#endif
verify_path(src_ip, NULL)));
verify_path(src_ip, NULL, args->f_id.fib)));
break;
case O_ANTISPOOF:
@ -2941,7 +2950,8 @@ check_body:
m->m_pkthdr.rcvif) :
#endif
verify_path(src_ip,
m->m_pkthdr.rcvif);
m->m_pkthdr.rcvif,
args->f_id.fib);
else
match = 1;
break;
@ -3043,6 +3053,11 @@ check_body:
break;
}
case O_FIB: /* try match the specified fib */
if (args->f_id.fib == cmd->arg1)
match = 1;
break;
case O_TAGGED: {
uint32_t tag = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
@ -3203,7 +3218,6 @@ check_body:
IP_FW_DIVERT : IP_FW_TEE;
goto done;
}
case O_COUNT:
case O_SKIPTO:
f->pcnt++; /* update stats */
@ -3283,6 +3297,14 @@ check_body:
IP_FW_NETGRAPH : IP_FW_NGTEE;
goto done;
case O_SETFIB:
f->pcnt++; /* update stats */
f->bcnt += pktlen;
f->timestamp = time_uptime;
M_SETFIB(m, cmd->arg1);
args->f_id.fib = cmd->arg1;
goto next_rule;
case O_NAT: {
struct cfg_nat *t;
int nat_id;
@ -3793,6 +3815,26 @@ check_ipfw_struct(struct ip_fw *rule, int size)
goto bad_size;
break;
case O_FIB:
if (cmdlen != F_INSN_SIZE(ipfw_insn))
goto bad_size;
if (cmd->arg1 >= rt_numfibs) {
printf("ipfw: invalid fib number %d\n",
cmd->arg1);
return EINVAL;
}
break;
case O_SETFIB:
if (cmdlen != F_INSN_SIZE(ipfw_insn))
goto bad_size;
if (cmd->arg1 >= rt_numfibs) {
printf("ipfw: invalid fib number %d\n",
cmd->arg1);
return EINVAL;
}
goto check_action;
case O_UID:
case O_GID:
case O_JAIL:

17
sys/netinet/ip_icmp.c
View File

@ -227,6 +227,10 @@ stdreply: icmpelen = max(8, min(icmp_quotelen, oip->ip_len - oiphlen));
m_align(m, ICMP_MINLEN + icmplen);
m->m_len = ICMP_MINLEN + icmplen;
/* XXX MRT make the outgoing packet use the same FIB
* that was associated with the incoming packet
*/
M_SETFIB(m, M_GETFIB(n));
icp = mtod(m, struct icmp *);
icmpstat.icps_outhist[type]++;
icp->icmp_type = type;
@ -295,6 +299,7 @@ icmp_input(struct mbuf *m, int off)
int icmplen = ip->ip_len;
int i, code;
void (*ctlfunc)(int, struct sockaddr *, void *);
int fibnum;
/*
* Locate icmp structure in mbuf, and check
@ -576,10 +581,12 @@ reflect:
}
#endif
icmpsrc.sin_addr = icp->icmp_ip.ip_dst;
rtredirect((struct sockaddr *)&icmpsrc,
(struct sockaddr *)&icmpdst,
(struct sockaddr *)0, RTF_GATEWAY | RTF_HOST,
(struct sockaddr *)&icmpgw);
for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) {
in_rtredirect((struct sockaddr *)&icmpsrc,
(struct sockaddr *)&icmpdst,
(struct sockaddr *)0, RTF_GATEWAY | RTF_HOST,
(struct sockaddr *)&icmpgw, fibnum);
}
pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc);
#ifdef IPSEC
key_sa_routechange((struct sockaddr *)&icmpsrc);
@ -693,7 +700,7 @@ icmp_reflect(struct mbuf *m)
* When we don't have a route back to the packet source, stop here
* and drop the packet.
*/
ia = ip_rtaddr(ip->ip_dst);
ia = ip_rtaddr(ip->ip_dst, M_GETFIB(m));
if (ia == NULL) {
m_freem(m);
icmpstat.icps_noroute++;

10
sys/netinet/ip_input.c
View File

@ -1198,7 +1198,7 @@ ipproto_unregister(u_char ipproto)
* return internet address info of interface to be used to get there.
*/
struct in_ifaddr *
ip_rtaddr(struct in_addr dst)
ip_rtaddr(struct in_addr dst, u_int fibnum)
{
struct route sro;
struct sockaddr_in *sin;
@ -1209,7 +1209,7 @@ ip_rtaddr(struct in_addr dst)
sin->sin_family = AF_INET;
sin->sin_len = sizeof(*sin);
sin->sin_addr = dst;
rtalloc_ign(&sro, RTF_CLONING);
in_rtalloc_ign(&sro, RTF_CLONING, fibnum);
if (sro.ro_rt == NULL)
return (NULL);
@ -1269,7 +1269,7 @@ ip_forward(struct mbuf *m, int srcrt)
}
#endif
ia = ip_rtaddr(ip->ip_dst);
ia = ip_rtaddr(ip->ip_dst, M_GETFIB(m));
if (!srcrt && ia == NULL) {
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0);
return;
@ -1334,7 +1334,7 @@ ip_forward(struct mbuf *m, int srcrt)
sin->sin_family = AF_INET;
sin->sin_len = sizeof(*sin);
sin->sin_addr = ip->ip_dst;
rtalloc_ign(&ro, RTF_CLONING);
in_rtalloc_ign(&ro, RTF_CLONING, M_GETFIB(m));
rt = ro.ro_rt;
@ -1363,7 +1363,7 @@ ip_forward(struct mbuf *m, int srcrt)
* the ICMP_UNREACH_NEEDFRAG "Next-Hop MTU" field described in RFC1191.
*/
bzero(&ro, sizeof(ro));
rtalloc_ign(&ro, RTF_CLONING);
rtalloc_ign_fib(&ro, RTF_CLONING, M_GETFIB(m));
error = ip_output(m, NULL, &ro, IP_FORWARDING, NULL, NULL);

4
sys/netinet/ip_mroute.c
View File

@ -303,7 +303,7 @@ static int X_ip_mrouter_done(void);
static int X_ip_mrouter_get(struct socket *so, struct sockopt *m);
static int X_ip_mrouter_set(struct socket *so, struct sockopt *m);
static int X_legal_vif_num(int vif);
static int X_mrt_ioctl(int cmd, caddr_t data);
static int X_mrt_ioctl(int cmd, caddr_t data, int fibnum);
static int get_sg_cnt(struct sioc_sg_req *);
static int get_vif_cnt(struct sioc_vif_req *);
@ -552,7 +552,7 @@ X_ip_mrouter_get(struct socket *so, struct sockopt *sopt)
* Handle ioctl commands to obtain information from the cache
*/
static int
X_mrt_ioctl(int cmd, caddr_t data)
X_mrt_ioctl(int cmd, caddr_t data, int fibnum)
{
int error = 0;

2
sys/netinet/ip_mroute.h
View File

@ -359,7 +359,7 @@ struct sockopt;
extern int (*ip_mrouter_set)(struct socket *, struct sockopt *);
extern int (*ip_mrouter_get)(struct socket *, struct sockopt *);
extern int (*ip_mrouter_done)(void);
extern int (*mrt_ioctl)(int, caddr_t);
extern int (*mrt_ioctl)(int, caddr_t, int);
#endif /* _KERNEL */

5
sys/netinet/ip_options.c
View File

@ -233,7 +233,8 @@ dropit:
if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) == NULL)
ia = (INA)ifa_ifwithnet((SA)&ipaddr);
} else
ia = ip_rtaddr(ipaddr.sin_addr);
/* XXX MRT 0 for routing */
ia = ip_rtaddr(ipaddr.sin_addr, M_GETFIB(m));
if (ia == NULL) {
type = ICMP_UNREACH;
code = ICMP_UNREACH_SRCFAIL;
@ -276,7 +277,7 @@ dropit:
* same).
*/
if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == NULL &&
(ia = ip_rtaddr(ipaddr.sin_addr)) == NULL) {
(ia = ip_rtaddr(ipaddr.sin_addr, M_GETFIB(m))) == NULL) {
type = ICMP_UNREACH;
code = ICMP_UNREACH_HOST;
goto bad;

8
sys/netinet/ip_output.c
View File

@ -230,10 +230,12 @@ again:
*/
if (ro->ro_rt == NULL)
#ifdef RADIX_MPATH
rtalloc_mpath(ro,
ntohl(ip->ip_src.s_addr ^ ip->ip_dst.s_addr));
rtalloc_mpath_fib(ro,
ntohl(ip->ip_src.s_addr ^ ip->ip_dst.s_addr),
inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
#else
rtalloc_ign(ro, 0);
in_rtalloc_ign(ro, 0,
inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
#endif
if (ro->ro_rt == NULL) {
ipstat.ips_noroute++;

2
sys/netinet/ip_var.h
View File

@ -209,7 +209,7 @@ int ipproto_unregister(u_char);
struct mbuf *
ip_reass(struct mbuf *);
struct in_ifaddr *
ip_rtaddr(struct in_addr);
ip_rtaddr(struct in_addr, u_int fibnum);
void ip_savecontrol(struct inpcb *, struct mbuf **, struct ip *,
struct mbuf *);
void ip_slowtimo(void);

2
sys/netinet/raw_ip.c
View File

@ -95,7 +95,7 @@ int (*ip_mrouter_get)(struct socket *, struct sockopt *);
int (*ip_mrouter_done)(void);
int (*ip_mforward)(struct ip *, struct ifnet *, struct mbuf *,
struct ip_moptions *);
int (*mrt_ioctl)(int, caddr_t);
int (*mrt_ioctl)(int, caddr_t, int);
int (*legal_vif_num)(int);
u_long (*ip_mcast_src)(int);

2
sys/netinet/sctp_os_bsd.h
View File

@ -399,7 +399,7 @@ typedef struct callout sctp_os_timer_t;
typedef struct route sctp_route_t;
typedef struct rtentry sctp_rtentry_t;
#define SCTP_RTALLOC(ro, vrf_id) rtalloc_ign((struct route *)ro, 0UL)
#define SCTP_RTALLOC(ro, vrf_id) in_rtalloc_ign((struct route *)ro, 0UL, vrf_id)
/* Future zero copy wakeup/send function */
#define SCTP_ZERO_COPY_EVENT(inp, so)

1
sys/netinet/tcp_input.c
View File

@ -453,6 +453,7 @@ findpcb:
/*
* If the INPCB does not exist then all data in the incoming
* segment is discarded and an appropriate RST is sent back.
* XXX MRT Send RST using which routing table?
*/
if (inp == NULL) {
/*

8
sys/netinet/tcp_subr.c
View File

@ -471,6 +471,10 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
bcopy((caddr_t)th, (caddr_t)nth, sizeof(struct tcphdr));
flags = TH_ACK;
} else {
/*
* reuse the mbuf.
* XXX MRT We inherrit the FIB, which is lucky.
*/
m_freem(m->m_next);
m->m_next = NULL;
m->m_data = (caddr_t)ipgen;
@ -1199,6 +1203,8 @@ tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip)
bzero(&inc, sizeof(inc));
inc.inc_flags = 0; /* IPv4 */
inc.inc_faddr = faddr;
inc.inc_fibnum =
inp->inp_inc.inc_fibnum;
mtu = ntohs(icp->icmp_nextmtu);
/*
@ -1595,7 +1601,7 @@ tcp_maxmtu(struct in_conninfo *inc, int *flags)
dst->sin_family = AF_INET;
dst->sin_len = sizeof(*dst);
dst->sin_addr = inc->inc_faddr;
rtalloc_ign(&sro, RTF_CLONING);
in_rtalloc_ign(&sro, RTF_CLONING, inc->inc_fibnum);
}
if (sro.ro_rt != NULL) {
ifp = sro.ro_rt->rt_ifp;

4
sys/netinet/tcp_syncache.c
View File

@ -671,6 +671,8 @@ syncache_socket(struct syncache *sc, struct socket *lso, struct mbuf *m)
#endif
inp = sotoinpcb(so);
inp->inp_inc.inc_fibnum = sc->sc_inc.inc_fibnum;
so->so_fibnum = sc->sc_inc.inc_fibnum;
INP_WLOCK(inp);
/* Insert new socket into PCB hash list. */
@ -941,6 +943,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
else
tcpstat.tcps_sc_completed++;
/* how do we find the inp for the new socket? */
if (sc != &scs)
syncache_free(sc);
return (1);
@ -1127,6 +1130,7 @@ _syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
sc->sc_label = maclabel;
#endif
sc->sc_ipopts = ipopts;
sc->sc_inc.inc_fibnum = inp->inp_inc.inc_fibnum;
bcopy(inc, &sc->sc_inc, sizeof(struct in_conninfo));
#ifdef INET6
if (!inc->inc_isipv6)

3
sys/netinet6/in6.c
View File

@ -1708,7 +1708,8 @@ in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia,
rtp = &rt;
}
error = rtrequest(RTM_ADD, (struct sockaddr *)&ia->ia_dstaddr,
error = rtrequest(RTM_ADD,
(struct sockaddr *)&ia->ia_dstaddr,
(struct sockaddr *)&ia->ia_addr,
(struct sockaddr *)&ia->ia_prefixmask,
ia->ia_flags | rtflags, rtp);

6
sys/netinet6/in6_ifattach.c
View File

@ -821,15 +821,15 @@ in6_ifdetach(struct ifnet *ifp)
/* XXX: should not fail */
return;
/* XXX grab lock first to avoid LOR */
if (rt_tables[AF_INET6] != NULL) {
RADIX_NODE_HEAD_LOCK(rt_tables[AF_INET6]);
if (rt_tables[0][AF_INET6] != NULL) {
RADIX_NODE_HEAD_LOCK(rt_tables[0][AF_INET6]);
rt = rtalloc1((struct sockaddr *)&sin6, 0, 0UL);
if (rt) {
if (rt->rt_ifp == ifp)
rtexpunge(rt);
RTFREE_LOCKED(rt);
}
RADIX_NODE_HEAD_UNLOCK(rt_tables[AF_INET6]);
RADIX_NODE_HEAD_UNLOCK(rt_tables[0][AF_INET6]);
}
}

12
sys/netinet6/in6_rmx.c
View File

@ -449,17 +449,21 @@ in6_rtqdrain(void)
/*
* Initialize our routing tree.
* XXX MRT When off == 0, we are being called from vfs_export.c
* so just set up their table and leave. (we know what the correct
* value should be so just use that).. FIX AFTER RELENG_7 is MFC'd
* see also comments in in_inithead() vfs_export.c and domain.h
*/
int
in6_inithead(void **head, int off)
{
struct radix_node_head *rnh;
if (!rn_inithead(head, off))
return 0;
if (!rn_inithead(head, offsetof(struct sockaddr_in6, sin6_addr) << 3))
return 0; /* See above */
if (head != (void **)&rt_tables[AF_INET6]) /* BOGUS! */
return 1; /* only do this for the real routing table */
if (off == 0) /* See above */
return 1; /* only do the rest for the real thing */
rnh = *head;
rnh->rnh_addaddr = in6_addroute;

3
sys/netinet6/nd6_rtr.c
View File

@ -2019,7 +2019,8 @@ in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6)
void
rt6_flush(struct in6_addr *gateway, struct ifnet *ifp)
{
struct radix_node_head *rnh = rt_tables[AF_INET6];
struct radix_node_head *rnh = rt_tables[0][AF_INET6];
int s = splnet();
/* We'll care only link-local addresses */

12
sys/netipx/ipx_proto.c
View File

@ -131,16 +131,26 @@ static struct protosw ipxsw[] = {
},
};
extern int ipx_inithead(void **, int);
static struct domain ipxdomain = {
.dom_family = AF_IPX,
.dom_name = "network systems",
.dom_protosw = ipxsw,
.dom_protoswNPROTOSW = &ipxsw[sizeof(ipxsw)/sizeof(ipxsw[0])],
.dom_rtattach = rn_inithead,
.dom_rtattach = ipx_inithead,
.dom_rtoffset = 16,
.dom_maxrtkey = sizeof(struct sockaddr_ipx)
};
/* shim to adapt arguments */
int
ipx_inithead(void **head, int offset)
{
return rn_inithead(head, offset);
}
DOMAIN_SET(ipx);
SYSCTL_NODE(_net, PF_IPX, ipx, CTLFLAG_RW, 0,
"IPX/SPX");

3
sys/nfs4client/nfs4_vfsops.c
View File

@ -812,7 +812,8 @@ nfs4_do_setclientid(struct nfsmount *nmp, struct ucred *cred)
#ifdef NFS4_USE_RPCCLNT
ro.ro_dst = *nmp->nm_rpcclnt.rc_name;
#endif
rtalloc(&ro);
/* XXX MRT NFS uses table 0 */
in_rtalloc(&ro, 0);
if (ro.ro_rt == NULL) {
error = EHOSTUNREACH;
goto nfsmout;

5
sys/nfsclient/bootp_subr.c
View File

@ -1137,11 +1137,12 @@ bootpc_adjust_interface(struct bootpc_ifcontext *ifctx,
if (ifctx->gotgw != 0 || gctx->gotgw == 0) {
clear_sinaddr(&defdst);
clear_sinaddr(&defmask);
error = rtrequest(RTM_ADD,
/* XXX MRT just table 0 */
error = rtrequest_fib(RTM_ADD,
(struct sockaddr *) &defdst,
(struct sockaddr *) gw,
(struct sockaddr *) &defmask,
(RTF_UP | RTF_GATEWAY | RTF_STATIC), NULL);
(RTF_UP | RTF_GATEWAY | RTF_STATIC), NULL, 0);
if (error != 0) {
printf("bootpc_adjust_interface: "
"add net route, error=%d\n", error);

1
sys/nfsclient/nfs_vfsops.c
View File

@ -476,6 +476,7 @@ nfs_mountroot(struct mount *mp, struct thread *td)
sin = mask;
sin.sin_family = AF_INET;
sin.sin_len = sizeof(sin);
/* XXX MRT use table 0 for this sort of thing */
error = rtrequest(RTM_ADD, (struct sockaddr *)&sin,
(struct sockaddr *)&nd->mygateway,
(struct sockaddr *)&mask,

6
sys/sys/domain.h
View File

@ -57,6 +57,12 @@ struct domain {
int (*dom_rtattach) /* initialize routing table */
(void **, int);
int dom_rtoffset; /* an arg to rtattach, in bits */
/* XXX MRT.
* rtoffset May be 0 if the domain supplies its own rtattach(),
* in which case, a 0 indicates it's being called from
* vfs_export.c (HACK) Only for AF_INET{,6} at this time.
* Temporary ABI compat hack.. fix post RELENG_7
*/
int dom_maxrtkey; /* for routing layer */
void *(*dom_ifattach)(struct ifnet *);
void (*dom_ifdetach)(struct ifnet *, void *);

22
sys/sys/mbuf.h
View File

@ -192,6 +192,11 @@ struct mbuf {
#define M_PROTO6 0x00080000 /* protocol-specific */
#define M_PROTO7 0x00100000 /* protocol-specific */
#define M_PROTO8 0x00200000 /* protocol-specific */
/*
* For RELENG_{6,7} steal these flags for limited multiple routing table
* support. In RELENG_8 and beyond, use just one flag and a tag.
*/
#define M_FIB 0xF0000000 /* steal some bits to store fib number. */
#define M_NOTIFICATION M_PROTO5 /* SCTP notification */
@ -206,7 +211,7 @@ struct mbuf {
*/
#define M_COPYFLAGS \
(M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_SKIP_FIREWALL|M_BCAST|M_MCAST|\
M_FRAG|M_FIRSTFRAG|M_LASTFRAG|M_VLANTAG|M_PROMISC)
M_FRAG|M_FIRSTFRAG|M_LASTFRAG|M_VLANTAG|M_PROMISC|M_FIB)
/*
* External buffer types: identify ext_buf type.
@ -277,7 +282,7 @@ struct mbstat {
u_long m_mlen; /* length of data in an mbuf */
u_long m_mhlen; /* length of data in a header mbuf */
/* Number of mbtypes (gives # elems in mbtypes[] array: */
/* Number of mbtypes (gives # elems in mbtypes[] array) */
short m_numtypes;
/* XXX: Sendfile stats should eventually move to their own struct */
@ -957,6 +962,19 @@ m_tag_find(struct mbuf *m, int type, struct m_tag *start)
m_tag_locate(m, MTAG_ABI_COMPAT, type, start));
}
/* XXX temporary FIB methods probably eventually use tags.*/
#define M_FIBSHIFT 28
#define M_FIBMASK 0x0F
/* get the fib from an mbuf and if it is not set, return the default */
#define M_GETFIB(_m) \
((((_m)->m_flags & M_FIB) >> M_FIBSHIFT) & M_FIBMASK)
#define M_SETFIB(_m, _fib) do { \
_m->m_flags &= ~M_FIB; \
_m->m_flags |= (((_fib) << M_FIBSHIFT) & M_FIB); \
} while (0)
#endif /* _KERNEL */
#ifdef MBUF_PROFILING

1
sys/sys/proc.h
View File

@ -509,6 +509,7 @@ struct proc {
struct pargs *p_args; /* (c) Process arguments. */
rlim_t p_cpulimit; /* (c) Current CPU limit in seconds. */
signed char p_nice; /* (c) Process "nice" value. */
int p_fibnum; /* in this routing domain XXX MRT */
/* End area that is copied on creation. */
#define p_endcopy p_xstat

1
sys/sys/socket.h
View File

@ -138,6 +138,7 @@ typedef __uid_t uid_t;
#define SO_LISTENQLIMIT 0x1011 /* socket's backlog limit */
#define SO_LISTENQLEN 0x1012 /* socket's complete queue length */
#define SO_LISTENINCQLEN 0x1013 /* socket's incomplete queue length */
#define SO_SETFIB 0x1014 /* use this FIB to route */
#endif
/*

1
sys/sys/socketvar.h
View File

@ -146,6 +146,7 @@ struct socket {
void *so_accept_filter_arg; /* saved filter args */
char *so_accept_filter_str; /* saved user args */
} *so_accf;
int so_fibnum; /* routing domain for this socket */
};
#define SB_EMPTY_FIXUP(sb) do { \

1
sys/sys/syscall.h
View File

@ -171,6 +171,7 @@
#define SYS_shmsys 171
#define SYS_freebsd6_pread 173
#define SYS_freebsd6_pwrite 174
#define SYS_setfib 175
#define SYS_ntp_adjtime 176
#define SYS_setgid 181
#define SYS_setegid 182

1
sys/sys/syscall.mk
View File

@ -123,6 +123,7 @@ MIASM = \
shmsys.o \
freebsd6_pread.o \
freebsd6_pwrite.o \
setfib.o \
ntp_adjtime.o \
setgid.o \
setegid.o \

5
sys/sys/sysproto.h
View File

@ -555,6 +555,9 @@ struct freebsd6_pwrite_args {
char pad_l_[PADL_(int)]; int pad; char pad_r_[PADR_(int)];
char offset_l_[PADL_(off_t)]; off_t offset; char offset_r_[PADR_(off_t)];
};
struct setfib_args {
char fibnum_l_[PADL_(int)]; int fibnum; char fibnum_r_[PADR_(int)];
};
struct ntp_adjtime_args {
char tp_l_[PADL_(struct timex *)]; struct timex * tp; char tp_r_[PADR_(struct timex *)];
};
@ -1744,6 +1747,7 @@ int msgsys(struct thread *, struct msgsys_args *);
int shmsys(struct thread *, struct shmsys_args *);
int freebsd6_pread(struct thread *, struct freebsd6_pread_args *);
int freebsd6_pwrite(struct thread *, struct freebsd6_pwrite_args *);
int setfib(struct thread *, struct setfib_args *);
int ntp_adjtime(struct thread *, struct ntp_adjtime_args *);
int setgid(struct thread *, struct setgid_args *);
int setegid(struct thread *, struct setegid_args *);
@ -2325,6 +2329,7 @@ int freebsd4_sigreturn(struct thread *, struct freebsd4_sigreturn_args *);
#define SYS_AUE_shmsys AUE_SHMSYS
#define SYS_AUE_freebsd6_pread AUE_PREAD
#define SYS_AUE_freebsd6_pwrite AUE_PWRITE
#define SYS_AUE_setfib AUE_NULL
#define SYS_AUE_ntp_adjtime AUE_NTP_ADJTIME
#define SYS_AUE_setgid AUE_SETGID
#define SYS_AUE_setegid AUE_SETEGID

6
usr.sbin/setfib/Makefile Normal file
View File

@ -0,0 +1,6 @@
# @(#)Makefile 8.1 (Berkeley) 6/6/93
# $FreeBSD$
PROG= setfib
.include <bsd.prog.mk>

92
usr.sbin/setfib/setfib.1 Normal file
View File

@ -0,0 +1,92 @@
.\" Copyright (c) 2008 Cisco systems
.\" Author Julian Elischer. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd April 9, 2008
.Dt SETFIB 1
.Os
.Sh NAME
.Nm setfib
.Nd execute a utility with an altered default network view.
.Sh SYNOPSIS
.Nm
.Op Fl F
.Ar fib
.Ar utility
.Op Ar argument ...
.Sh DESCRIPTION
The
.Nm
utility runs
.Ar utility
with an different routing table. The table number
.Dq fib
will be used by default for all sockets started by this
process or descendents.
.Sh ENVIRONMENT
The
.Ev PATH
environment variable is used to locate the requested
.Ar utility
if the name contains no
.Ql /
characters.
.Sh EXIT STATUS
If
.Ar utility
is invoked, the exit status of
.Nm
is the exit status of
.Ar utility .
.Pp
An exit status of 126 indicates
.Ar utility
was found, but could not be executed.
An exit status of 127 indicates
.Ar utility
could not be found.
.Sh EXAMPLES
Execute utility
.Sq netstat
to view the second routing table.
.Pp
.Dl "setfib -F 1 netstat -rn"
or
.Dl "setfib 1 netstat -rn"
or
.Dl "setfib -1 netstat -rn"
.Sh SEE ALSO
.Xr setfib 2 ,
.Xr setsockopt 2
.Sh STANDARDS
The
.Nm
utility is a FreeBSD specific extension, however many UNIX like systems
have an equivalent function.
.Sh HISTORY
The
.Nm
utility appeared in
.Fx 8.0 .

103
usr.sbin/setfib/setfib.c Normal file
View File

@ -0,0 +1,103 @@
/*
* Copyright (c) 1989, 1993, 1994
* The Regents of the University of California. All rights reserved.
* Copyright (c) 2008 Cisco Systems, All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* setfib file skelaton taken from nice.c
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/sysctl.h>
void usage(void);
int
main(int argc, char *argv[])
{
long fib = 0;
int ch;
char *ep;
int numfibs;
int intsize = sizeof(int);
if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
errx(1, "Multiple FIBS not supported");
if (argc < 2)
usage();
ep = argv[1];
/*
* convert -N or N to -FN. (N is a number)
*/
if (ep[0]== '-' && isdigit((unsigned char)ep[1]))
ep++;
if (isdigit((unsigned char)*ep))
if (asprintf(&argv[1], "-F%s", ep) < 0)
err(1, "asprintf");
while ((ch = getopt(argc, argv, "F:")) != -1) {
switch (ch) {
case 'F':
errno = 0;
fib = strtol(optarg, &ep, 10);
if (ep == optarg || *ep != '\0' || errno ||
fib < 0 || fib >= numfibs)
errx(1, "%s: invalid FIB (max %s)",
optarg, numfibs - 1);
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc == 0)
usage();
errno = 0;
if (syscall(175, (int)fib))
warn("setfib");
execvp(*argv, argv);
err(errno == ENOENT ? 127 : 126, "%s", *argv);
}
void
usage(void)
{
(void)fprintf(stderr,
"usage: setfib [-[F]]value command");
exit(1);
}