Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 Feb 2012 09:47:27 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r232292 - in stable/9: contrib/netcat contrib/pf/pfctl etc/rc.d share/man/man4 sys/contrib/pf/net sys/fs/nfsclient sys/i386/conf sys/kern sys/net sys/netinet sys/netinet/ipfw sys/netine...
Message-ID:  <201202290947.q1T9lRDV019249@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bz
Date: Wed Feb 29 09:47:26 2012
New Revision: 232292
URL: http://svn.freebsd.org/changeset/base/232292

Log:
  MFC r231852,232127:
  
   Merge multi-FIB IPv6 support.
  
   Extend the so far IPv4-only support for multiple routing tables (FIBs)
   introduced in r178888 to IPv6 providing feature parity.
  
   This includes an extended rtalloc(9) KPI for IPv6, the necessary
   adjustments to the network stack, and user land support as in netstat.
  
  Sponsored by:	Cisco Systems, Inc.

Modified:
  stable/9/contrib/netcat/netcat.c
  stable/9/contrib/pf/pfctl/parse.y
  stable/9/etc/rc.d/routing
  stable/9/share/man/man4/faith.4
  stable/9/sys/contrib/pf/net/pf.c
  stable/9/sys/contrib/pf/net/pf_ioctl.c
  stable/9/sys/contrib/pf/net/pf_lb.c
  stable/9/sys/contrib/pf/net/pf_norm.c
  stable/9/sys/contrib/pf/net/pfvar.h
  stable/9/sys/fs/nfsclient/nfs_clport.c
  stable/9/sys/fs/nfsclient/nfs_clvfsops.c
  stable/9/sys/kern/uipc_socket.c
  stable/9/sys/net/flowtable.c
  stable/9/sys/net/if_faith.c
  stable/9/sys/net/route.c
  stable/9/sys/net/route.h
  stable/9/sys/netinet/in.c
  stable/9/sys/netinet/ipfw/ip_fw2.c
  stable/9/sys/netinet/sctp_os_bsd.h
  stable/9/sys/netinet/tcp_subr.c
  stable/9/sys/netinet6/icmp6.c
  stable/9/sys/netinet6/in6.c
  stable/9/sys/netinet6/in6_gif.c
  stable/9/sys/netinet6/in6_ifattach.c
  stable/9/sys/netinet6/in6_mcast.c
  stable/9/sys/netinet6/in6_rmx.c
  stable/9/sys/netinet6/in6_src.c
  stable/9/sys/netinet6/in6_var.h
  stable/9/sys/netinet6/ip6_forward.c
  stable/9/sys/netinet6/ip6_input.c
  stable/9/sys/netinet6/ip6_output.c
  stable/9/sys/netinet6/ip6_var.h
  stable/9/sys/netinet6/nd6.c
  stable/9/sys/netinet6/nd6_nbr.c
  stable/9/sys/netinet6/nd6_rtr.c
  stable/9/sys/netinet6/raw_ip6.c
  stable/9/sys/netipsec/ipsec_output.c
  stable/9/sys/nfs/bootp_subr.c
  stable/9/sys/nfsclient/nfs_vfsops.c
  stable/9/usr.bin/netstat/route.c
Directory Properties:
  stable/9/contrib/netcat/   (props changed)
  stable/9/contrib/pf/   (props changed)
  stable/9/etc/   (props changed)
  stable/9/share/man/man4/   (props changed)
  stable/9/sys/   (props changed)
  stable/9/sys/amd64/include/xen/   (props changed)
  stable/9/sys/boot/   (props changed)
  stable/9/sys/boot/i386/efi/   (props changed)
  stable/9/sys/boot/ia64/efi/   (props changed)
  stable/9/sys/boot/ia64/ski/   (props changed)
  stable/9/sys/boot/powerpc/boot1.chrp/   (props changed)
  stable/9/sys/boot/powerpc/ofw/   (props changed)
  stable/9/sys/cddl/contrib/opensolaris/   (props changed)
  stable/9/sys/conf/   (props changed)
  stable/9/sys/contrib/dev/acpica/   (props changed)
  stable/9/sys/contrib/octeon-sdk/   (props changed)
  stable/9/sys/contrib/pf/   (props changed)
  stable/9/sys/contrib/x86emu/   (props changed)
  stable/9/sys/i386/conf/XENHVM   (props changed)
  stable/9/usr.bin/netstat/   (props changed)

Modified: stable/9/contrib/netcat/netcat.c
==============================================================================
--- stable/9/contrib/netcat/netcat.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/contrib/netcat/netcat.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -605,8 +605,10 @@ remote_connect(const char *host, const c
 #endif
 
 		if (rtableid) {
-			if (setfib(rtableid) == -1)
-				err(1, "setfib");
+			if (setsockopt(s, SOL_SOCKET, SO_SETFIB, &rtableid,
+			    sizeof(rtableid)) == -1)
+				err(1, "setsockopt(.., SO_SETFIB, %u, ..)",
+				    rtableid);
 		}
 
 		/* Bind to a local port or source address if specified. */
@@ -678,8 +680,11 @@ local_listen(char *host, char *port, str
 			continue;
 
 		if (rtableid) {
-			if (setfib(rtableid) == -1)
-				err(1, "setfib");
+			ret = setsockopt(s, SOL_SOCKET, SO_SETFIB, &rtableid,
+			    sizeof(rtableid));
+			if (ret == -1)
+				err(1, "setsockopt(.., SO_SETFIB, %u, ..)",
+				    rtableid);
 		}
 
 		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));

Modified: stable/9/contrib/pf/pfctl/parse.y
==============================================================================
--- stable/9/contrib/pf/pfctl/parse.y	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/contrib/pf/pfctl/parse.y	Wed Feb 29 09:47:26 2012	(r232292)
@@ -33,6 +33,9 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif
 #include <net/if.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -335,6 +338,7 @@ int		 expand_skip_interface(struct node_
 int	 check_rulestate(int);
 int	 getservice(char *);
 int	 rule_label(struct pf_rule *, char *);
+int	 rt_tableid_max(void);
 
 void	 mv_rules(struct pf_ruleset *, struct pf_ruleset *);
 void	 decide_address_family(struct node_host *, sa_family_t *);
@@ -1174,7 +1178,7 @@ scrub_opt	: NODF	{
 			scrub_opts.randomid = 1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -1322,7 +1326,7 @@ antispoof_opt	: label	{
 			antispoof_opts.label = $1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -2361,7 +2365,7 @@ filter_opt	: USER uids {
 				filter_opts.prob = 1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -4190,7 +4194,7 @@ tagged		: /* empty */		{ $$.neg = 0; $$.
 
 rtable		: /* empty */		{ $$ = -1; }
 		| RTABLE NUMBER		{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -6051,3 +6055,23 @@ pfctl_load_anchors(int dev, struct pfctl
 
 	return (0);
 }
+
+int
+rt_tableid_max(void)
+{
+#ifdef __FreeBSD__
+	int fibs;
+	size_t l = sizeof(fibs);
+
+        if (sysctlbyname("net.fibs", &fibs, &l, NULL, 0) == -1)
+		fibs = 16;	/* XXX RT_MAXFIBS, at least limit it some. */
+	/*
+	 * As the OpenBSD code only compares > and not >= we need to adjust
+	 * here given we only accept values of 0..n and want to avoid #ifdefs
+	 * in the grammer.
+	 */
+	return (fibs - 1);
+#else
+	return (RT_TABLEID_MAX);
+#endif
+}

Modified: stable/9/etc/rc.d/routing
==============================================================================
--- stable/9/etc/rc.d/routing	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/etc/rc.d/routing	Wed Feb 29 09:47:26 2012	(r232292)
@@ -137,12 +137,22 @@ static_inet()
 
 static_inet6()
 {
-	local _action i
+	local _action i fibs
 	_action=$1
 
+	# get the number of FIBs supported.
+	fibs=`sysctl -n net.fibs`
+	: ${fibs:=1}
+
 	# disallow "internal" addresses to appear on the wire
-	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
-	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+	i=0
+	while test ${i} -lt ${fibs}; do
+		setfib -F ${i} route ${_action} \
+		    -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+		setfib -F ${i} route ${_action} \
+		    -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+		i=$((i + 1))
+	done
 
 	case ${ipv6_defaultrouter} in
 	[Nn][Oo] | '')
@@ -214,8 +224,14 @@ static_inet6()
 	# for the host case, you will allow to omit the identifiers.
 	# Under this configuration, the packets will go to the default
 	# interface.
-	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
-	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
+	i=0
+	while test ${i} -lt ${fibs}; do
+		setfib -F ${i} route ${_action} \
+		    -inet6 fe80:: -prefixlen 10 ::1 -reject
+		setfib -F ${i} route ${_action} \
+		    -inet6 ff02:: -prefixlen 16 ::1 -reject
+		i=$((i + 1))
+	done
 
 	case ${ipv6_default_interface} in
 	'')

Modified: stable/9/share/man/man4/faith.4
==============================================================================
--- stable/9/share/man/man4/faith.4	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/share/man/man4/faith.4	Wed Feb 29 09:47:26 2012	(r232292)
@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 10, 1999
+.Dd January 23, 2012
 .Dt FAITH 4
 .Os
 .Sh NAME
@@ -58,7 +58,7 @@ variable in
 .Xr rc.conf 5 .
 .Pp
 Special action will be taken when IPv6 TCP traffic is seen on a router,
-and the routing table suggests to route it to the
+and the default routing table suggests to route it to the
 .Nm
 interface.
 In this case, the packet will be accepted by the router,

Modified: stable/9/sys/contrib/pf/net/pf.c
==============================================================================
--- stable/9/sys/contrib/pf/net/pf.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/contrib/pf/net/pf.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -320,7 +320,7 @@ u_int8_t		 pf_get_wscale(struct mbuf *, 
 u_int16_t		 pf_get_mss(struct mbuf *, int, u_int16_t,
 			    sa_family_t);
 u_int16_t		 pf_calc_mss(struct pf_addr *, sa_family_t,
-				u_int16_t);
+				int, u_int16_t);
 void			 pf_set_rt_ifp(struct pf_state *,
 			    struct pf_addr *);
 int			 pf_check_proto_cksum(struct mbuf *, int, int,
@@ -3137,7 +3137,7 @@ pf_get_mss(struct mbuf *m, int off, u_in
 }
 
 u_int16_t
-pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
+pf_calc_mss(struct pf_addr *addr, sa_family_t af, int rtableid, u_int16_t offer)
 {
 #ifdef INET
 	struct sockaddr_in	*dst;
@@ -3166,11 +3166,7 @@ pf_calc_mss(struct pf_addr *addr, sa_fam
 		dst->sin_len = sizeof(*dst);
 		dst->sin_addr = addr->v4;
 #ifdef __FreeBSD__
-#ifdef RTF_PRCLONING
-		rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING));
-#else /* !RTF_PRCLONING */
-		in_rtalloc_ign(&ro, 0, 0);
-#endif
+		in_rtalloc_ign(&ro, 0, rtableid);
 #else /* ! __FreeBSD__ */
 		rtalloc_noclone(&ro, NO_CLONING);
 #endif
@@ -3186,12 +3182,7 @@ pf_calc_mss(struct pf_addr *addr, sa_fam
 		dst6->sin6_len = sizeof(*dst6);
 		dst6->sin6_addr = addr->v6;
 #ifdef __FreeBSD__
-#ifdef RTF_PRCLONING
-		rtalloc_ign((struct route *)&ro6,
-		    (RTF_CLONING | RTF_PRCLONING));
-#else /* !RTF_PRCLONING */
-		rtalloc_ign((struct route *)&ro6, 0);
-#endif
+		in6_rtalloc_ign(&ro6, 0, rtableid);
 #else /* ! __FreeBSD__ */
 		rtalloc_noclone((struct route *)&ro6, NO_CLONING);
 #endif
@@ -3532,14 +3523,14 @@ pf_test_rule(struct pf_rule **rm, struct
 		else if (r->proto && r->proto != pd->proto)
 			r = r->skip[PF_SKIP_PROTO].ptr;
 		else if (PF_MISMATCHAW(&r->src.addr, saddr, af,
-		    r->src.neg, kif))
+		    r->src.neg, kif, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_SRC_ADDR].ptr;
 		/* tcp/udp only. port_op always 0 in other cases */
 		else if (r->src.port_op && !pf_match_port(r->src.port_op,
 		    r->src.port[0], r->src.port[1], sport))
 			r = r->skip[PF_SKIP_SRC_PORT].ptr;
 		else if (PF_MISMATCHAW(&r->dst.addr, daddr, af,
-		    r->dst.neg, NULL))
+		    r->dst.neg, NULL, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_DST_ADDR].ptr;
 		/* tcp/udp only. port_op always 0 in other cases */
 		else if (r->dst.port_op && !pf_match_port(r->dst.port_op,
@@ -3988,9 +3979,10 @@ pf_create_state(struct pf_rule *r, struc
 		}
 		s->src.seqhi = htonl(arc4random());
 		/* Find mss option */
+		int rtid = M_GETFIB(m);
 		mss = pf_get_mss(m, off, th->th_off, pd->af);
-		mss = pf_calc_mss(pd->src, pd->af, mss);
-		mss = pf_calc_mss(pd->dst, pd->af, mss);
+		mss = pf_calc_mss(pd->src, pd->af, rtid, mss);
+		mss = pf_calc_mss(pd->dst, pd->af, rtid, mss);
 		s->src.mss = mss;
 #ifdef __FreeBSD__
 		pf_send_tcp(NULL, r, pd->af, pd->dst, pd->src, th->th_dport,
@@ -4072,10 +4064,10 @@ pf_test_fragment(struct pf_rule **rm, in
 		else if (r->proto && r->proto != pd->proto)
 			r = r->skip[PF_SKIP_PROTO].ptr;
 		else if (PF_MISMATCHAW(&r->src.addr, pd->src, af,
-		    r->src.neg, kif))
+		    r->src.neg, kif, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_SRC_ADDR].ptr;
 		else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af,
-		    r->dst.neg, NULL))
+		    r->dst.neg, NULL, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_DST_ADDR].ptr;
 		else if (r->tos && !(r->tos == pd->tos))
 			r = TAILQ_NEXT(r, entries);
@@ -5677,7 +5669,8 @@ pf_pull_hdr(struct mbuf *m, int off, voi
 }
 
 int
-pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif)
+pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif,
+    int rtableid)
 {
 #ifdef __FreeBSD__
 #ifdef RADIX_MPATH
@@ -5751,13 +5744,21 @@ pf_routable(struct pf_addr *addr, sa_fam
 		goto out;
 
 #ifdef __FreeBSD__
-/* XXX MRT not always INET */ /* stick with table 0 though */
+	switch (af) {
+#ifdef INET6
+	case AF_INET6:
+		in6_rtalloc_ign(&ro, 0, rtableid);
+		break;
+#endif
 #ifdef INET
-	if (af == AF_INET)
-		in_rtalloc_ign((struct route *)&ro, 0, 0);
-	else
+	case AF_INET:
+		in_rtalloc_ign((struct route *)&ro, 0, rtableid);
+		break;
 #endif
-		rtalloc_ign((struct route *)&ro, 0);
+	default:
+		rtalloc_ign((struct route *)&ro, 0);	/* No/default FIB. */
+		break;
+	}
 #else /* ! __FreeBSD__ */
 	rtalloc_noclone((struct route *)&ro, NO_CLONING);
 #endif
@@ -5803,7 +5804,8 @@ out:
 }
 
 int
-pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw)
+pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw,
+    int rtableid)
 {
 	struct sockaddr_in	*dst;
 #ifdef INET6
@@ -5835,16 +5837,21 @@ pf_rtlabel_match(struct pf_addr *addr, s
 	}
 
 #ifdef __FreeBSD__
-# ifdef RTF_PRCLONING
-	rtalloc_ign((struct route *)&ro, (RTF_CLONING|RTF_PRCLONING));
-# else /* !RTF_PRCLONING */
+	switch (af) {
+#ifdef INET6
+	case AF_INET6:
+		in6_rtalloc_ign(&ro, 0, rtableid);
+		break;
+#endif
 #ifdef INET
-	if (af == AF_INET)
-		in_rtalloc_ign((struct route *)&ro, 0, 0);
-	else
+	case AF_INET:
+		in_rtalloc_ign((struct route *)&ro, 0, rtableid);
+		break;
 #endif
+	default:
 		rtalloc_ign((struct route *)&ro, 0);
-# endif
+		break;
+	}
 #else /* ! __FreeBSD__ */
 	rtalloc_noclone((struct route *)&ro, NO_CLONING);
 #endif
@@ -5927,7 +5934,7 @@ pf_route(struct mbuf **m, struct pf_rule
 
 	if (r->rt == PF_FASTROUTE) {
 #ifdef __FreeBSD__
-		in_rtalloc(ro, 0);
+		in_rtalloc_ign(ro, 0, M_GETFIB(m0));
 #else
 		rtalloc(ro);
 #endif
@@ -6893,7 +6900,7 @@ done:
 		    ("pf: dropping packet with ip options\n"));
 	}
 
-	if ((s && s->tag) || r->rtableid)
+	if ((s && s->tag) || r->rtableid >= 0)
 #ifdef __FreeBSD__
 		pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag);
 #else
@@ -7437,7 +7444,7 @@ done:
 		    ("pf: dropping packet with dangerous v6 headers\n"));
 	}
 
-	if ((s && s->tag) || r->rtableid)
+	if ((s && s->tag) || r->rtableid >= 0)
 #ifdef __FreeBSD__
 		pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag);
 #else

Modified: stable/9/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- stable/9/sys/contrib/pf/net/pf_ioctl.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/contrib/pf/net/pf_ioctl.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -1754,7 +1754,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
 		}
 
 #ifdef __FreeBSD__ /* ROUTING */
-		if (rule->rtableid > 0 && rule->rtableid > rt_numfibs)
+		if (rule->rtableid > 0 && rule->rtableid >= rt_numfibs)
 #else
 		if (rule->rtableid > 0 && !rtable_exists(rule->rtableid))
 #endif
@@ -2035,7 +2035,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
 
 			if (newrule->rtableid > 0 &&
 #ifdef __FreeBSD__ /* ROUTING */
-			    newrule->rtableid > rt_numfibs)
+			    newrule->rtableid >= rt_numfibs)
 #else
 			    !rtable_exists(newrule->rtableid))
 #endif

Modified: stable/9/sys/contrib/pf/net/pf_lb.c
==============================================================================
--- stable/9/sys/contrib/pf/net/pf_lb.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/contrib/pf/net/pf_lb.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -261,7 +261,7 @@ pf_match_translation(struct pf_pdesc *pd
 		else if (r->proto && r->proto != pd->proto)
 			r = r->skip[PF_SKIP_PROTO].ptr;
 		else if (PF_MISMATCHAW(&src->addr, saddr, pd->af,
-		    src->neg, kif))
+		    src->neg, kif, M_GETFIB(m)))
 			r = r->skip[src == &r->src ? PF_SKIP_SRC_ADDR :
 			    PF_SKIP_DST_ADDR].ptr;
 		else if (src->port_op && !pf_match_port(src->port_op,
@@ -269,10 +269,11 @@ pf_match_translation(struct pf_pdesc *pd
 			r = r->skip[src == &r->src ? PF_SKIP_SRC_PORT :
 			    PF_SKIP_DST_PORT].ptr;
 		else if (dst != NULL &&
-		    PF_MISMATCHAW(&dst->addr, daddr, pd->af, dst->neg, NULL))
+		    PF_MISMATCHAW(&dst->addr, daddr, pd->af, dst->neg, NULL,
+		    M_GETFIB(m)))
 			r = r->skip[PF_SKIP_DST_ADDR].ptr;
 		else if (xdst != NULL && PF_MISMATCHAW(xdst, daddr, pd->af,
-		    0, NULL))
+		    0, NULL, M_GETFIB(m)))
 			r = TAILQ_NEXT(r, entries);
 		else if (dst != NULL && dst->port_op &&
 		    !pf_match_port(dst->port_op, dst->port[0],

Modified: stable/9/sys/contrib/pf/net/pf_norm.c
==============================================================================
--- stable/9/sys/contrib/pf/net/pf_norm.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/contrib/pf/net/pf_norm.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -1163,11 +1163,11 @@ pf_normalize_ip(struct mbuf **m0, int di
 			r = r->skip[PF_SKIP_PROTO].ptr;
 		else if (PF_MISMATCHAW(&r->src.addr,
 		    (struct pf_addr *)&h->ip_src.s_addr, AF_INET,
-		    r->src.neg, kif))
+		    r->src.neg, kif, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_SRC_ADDR].ptr;
 		else if (PF_MISMATCHAW(&r->dst.addr,
 		    (struct pf_addr *)&h->ip_dst.s_addr, AF_INET,
-		    r->dst.neg, NULL))
+		    r->dst.neg, NULL, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_DST_ADDR].ptr;
 #ifdef __FreeBSD__
 		else if (r->match_tag && !pf_match_tag(m, r, &tag, pd->pf_mtag))
@@ -1428,11 +1428,11 @@ pf_normalize_ip6(struct mbuf **m0, int d
 #endif
 		else if (PF_MISMATCHAW(&r->src.addr,
 		    (struct pf_addr *)&h->ip6_src, AF_INET6,
-		    r->src.neg, kif))
+		    r->src.neg, kif, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_SRC_ADDR].ptr;
 		else if (PF_MISMATCHAW(&r->dst.addr,
 		    (struct pf_addr *)&h->ip6_dst, AF_INET6,
-		    r->dst.neg, NULL))
+		    r->dst.neg, NULL, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_DST_ADDR].ptr;
 		else
 			break;
@@ -1593,13 +1593,13 @@ pf_normalize_tcp(int dir, struct pfi_kif
 		else if (r->proto && r->proto != pd->proto)
 			r = r->skip[PF_SKIP_PROTO].ptr;
 		else if (PF_MISMATCHAW(&r->src.addr, pd->src, af,
-		    r->src.neg, kif))
+		    r->src.neg, kif, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_SRC_ADDR].ptr;
 		else if (r->src.port_op && !pf_match_port(r->src.port_op,
 			    r->src.port[0], r->src.port[1], th->th_sport))
 			r = r->skip[PF_SKIP_SRC_PORT].ptr;
 		else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af,
-		    r->dst.neg, NULL))
+		    r->dst.neg, NULL, M_GETFIB(m)))
 			r = r->skip[PF_SKIP_DST_ADDR].ptr;
 		else if (r->dst.port_op && !pf_match_port(r->dst.port_op,
 			    r->dst.port[0], r->dst.port[1], th->th_dport))

Modified: stable/9/sys/contrib/pf/net/pfvar.h
==============================================================================
--- stable/9/sys/contrib/pf/net/pfvar.h	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/contrib/pf/net/pfvar.h	Wed Feb 29 09:47:26 2012	(r232292)
@@ -402,14 +402,18 @@ extern struct mtx pf_task_mtx;
 #endif /* PF_INET6_ONLY */
 #endif /* PF_INET_INET6 */
 
-#define	PF_MISMATCHAW(aw, x, af, neg, ifp)				\
+/*
+ * XXX callers not FIB-aware in our version of pf yet.
+ * OpenBSD fixed it later it seems, 2010/05/07 13:33:16 claudio.
+ */
+#define	PF_MISMATCHAW(aw, x, af, neg, ifp, rtid)			\
 	(								\
 		(((aw)->type == PF_ADDR_NOROUTE &&			\
-		    pf_routable((x), (af), NULL)) ||			\
+		    pf_routable((x), (af), NULL, (rtid))) ||		\
 		(((aw)->type == PF_ADDR_URPFFAILED && (ifp) != NULL &&	\
-		    pf_routable((x), (af), (ifp))) ||			\
+		    pf_routable((x), (af), (ifp), (rtid))) ||		\
 		((aw)->type == PF_ADDR_RTLABEL &&			\
-		    !pf_rtlabel_match((x), (af), (aw))) ||		\
+		    !pf_rtlabel_match((x), (af), (aw), (rtid))) ||	\
 		((aw)->type == PF_ADDR_TABLE &&				\
 		    !pfr_match_addr((aw)->p.tbl, (x), (af))) ||		\
 		((aw)->type == PF_ADDR_DYNIFTL &&			\
@@ -1977,8 +1981,10 @@ int	pf_normalize_tcp_stateful(struct mbu
 u_int32_t
 	pf_state_expires(const struct pf_state *);
 void	pf_purge_expired_fragments(void);
-int	pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *);
-int	pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *);
+int	pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *,
+	    int);
+int	pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *,
+	    int);
 #ifdef __FreeBSD__
 int	pf_socket_lookup(int, struct pf_pdesc *,  struct inpcb *);
 #else

Modified: stable/9/sys/fs/nfsclient/nfs_clport.c
==============================================================================
--- stable/9/sys/fs/nfsclient/nfs_clport.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/fs/nfsclient/nfs_clport.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -976,7 +976,8 @@ nfscl_getmyip(struct nfsmount *nmp, int 
 		sad.sin_len = sizeof (struct sockaddr_in);
 		sad.sin_addr.s_addr = sin->sin_addr.s_addr;
 		CURVNET_SET(CRED_TO_VNET(nmp->nm_sockreq.nr_cred));
-		rt = rtalloc1((struct sockaddr *)&sad, 0, 0UL);
+		rt = rtalloc1_fib((struct sockaddr *)&sad, 0, 0UL,
+		     curthread->td_proc->p_fibnum);
 		if (rt != NULL) {
 			if (rt->rt_ifp != NULL &&
 			    rt->rt_ifa != NULL &&
@@ -1001,7 +1002,8 @@ nfscl_getmyip(struct nfsmount *nmp, int 
 		sad6.sin6_len = sizeof (struct sockaddr_in6);
 		sad6.sin6_addr = sin6->sin6_addr;
 		CURVNET_SET(CRED_TO_VNET(nmp->nm_sockreq.nr_cred));
-		rt = rtalloc1((struct sockaddr *)&sad6, 0, 0UL);
+		rt = rtalloc1_fib((struct sockaddr *)&sad6, 0, 0UL,
+		     curthread->td_proc->p_fibnum);
 		if (rt != NULL) {
 			if (rt->rt_ifp != NULL &&
 			    rt->rt_ifa != NULL &&

Modified: stable/9/sys/fs/nfsclient/nfs_clvfsops.c
==============================================================================
--- stable/9/sys/fs/nfsclient/nfs_clvfsops.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/fs/nfsclient/nfs_clvfsops.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -459,10 +459,10 @@ nfs_mountroot(struct mount *mp)
 		sin.sin_len = sizeof(sin);
                 /* XXX MRT use table 0 for this sort of thing */
 		CURVNET_SET(TD_TO_VNET(td));
-		error = rtrequest(RTM_ADD, (struct sockaddr *)&sin,
+		error = rtrequest_fib(RTM_ADD, (struct sockaddr *)&sin,
 		    (struct sockaddr *)&nd->mygateway,
 		    (struct sockaddr *)&mask,
-		    RTF_UP | RTF_GATEWAY, NULL);
+		    RTF_UP | RTF_GATEWAY, NULL, RT_DEFAULT_FIB);
 		CURVNET_RESTORE();
 		if (error)
 			panic("nfs_mountroot: RTM_ADD: %d", error);

Modified: stable/9/sys/kern/uipc_socket.c
==============================================================================
--- stable/9/sys/kern/uipc_socket.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/kern/uipc_socket.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -392,6 +392,7 @@ socreate(int dom, struct socket **aso, i
 	so->so_type = type;
 	so->so_cred = crhold(cred);
 	if ((prp->pr_domain->dom_family == PF_INET) ||
+	    (prp->pr_domain->dom_family == PF_INET6) ||
 	    (prp->pr_domain->dom_family == PF_ROUTE))
 		so->so_fibnum = td->td_proc->p_fibnum;
 	else
@@ -2498,12 +2499,13 @@ sosetopt(struct socket *so, struct socko
 		case SO_SETFIB:
 			error = sooptcopyin(sopt, &optval, sizeof optval,
 					    sizeof optval);
-			if (optval < 0 || optval > rt_numfibs) {
+			if (optval < 0 || optval >= rt_numfibs) {
 				error = EINVAL;
 				goto bad;
 			}
 			if (so->so_proto != NULL &&
 			   ((so->so_proto->pr_domain->dom_family == PF_INET) ||
+			   (so->so_proto->pr_domain->dom_family == PF_INET6) ||
 			   (so->so_proto->pr_domain->dom_family == PF_ROUTE))) {
 				so->so_fibnum = optval;
 				/* Note: ignore error */

Modified: stable/9/sys/net/flowtable.c
==============================================================================
--- stable/9/sys/net/flowtable.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/net/flowtable.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -373,7 +373,7 @@ SYSCTL_VNET_PROC(_net_inet_flowtable, OI
 
 #ifndef RADIX_MPATH
 static void
-in_rtalloc_ign_wrapper(struct route *ro, uint32_t hash, u_int fibnum)
+rtalloc_ign_wrapper(struct route *ro, uint32_t hash, u_int fibnum)
 {
 
 	rtalloc_ign_fib(ro, 0, fibnum);
@@ -1314,7 +1314,7 @@ flowtable_alloc(char *name, int nentry, 
 #ifdef RADIX_MPATH
 	ft->ft_rtalloc = rtalloc_mpath_fib;
 #else
-	ft->ft_rtalloc = in_rtalloc_ign_wrapper;
+	ft->ft_rtalloc = rtalloc_ign_wrapper;
 #endif
 	if (flags & FL_PCPU) {
 		ft->ft_lock = flowtable_pcpu_lock;

Modified: stable/9/sys/net/if_faith.c
==============================================================================
--- stable/9/sys/net/if_faith.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/net/if_faith.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -338,7 +338,7 @@ faithprefix(in6)
 	sin6.sin6_family = AF_INET6;
 	sin6.sin6_len = sizeof(struct sockaddr_in6);
 	sin6.sin6_addr = *in6;
-	rt = rtalloc1((struct sockaddr *)&sin6, 0, 0UL);
+	rt = in6_rtalloc1((struct sockaddr *)&sin6, 0, 0UL, RT_DEFAULT_FIB);
 	if (rt && rt->rt_ifp && rt->rt_ifp->if_type == IFT_FAITH &&
 	    (rt->rt_ifp->if_flags & IFF_UP) != 0)
 		ret = 1;

Modified: stable/9/sys/net/route.c
==============================================================================
--- stable/9/sys/net/route.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/net/route.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -35,6 +35,7 @@
  ***********************************************************************/
 
 #include "opt_inet.h"
+#include "opt_inet6.h"
 #include "opt_route.h"
 #include "opt_mrouting.h"
 #include "opt_mpath.h"
@@ -72,7 +73,11 @@ SYSCTL_UINT(_net, OID_AUTO, fibs, CTLFLA
 /*
  * Allow the boot code to allow LESS than RT_MAXFIBS to be used.
  * We can't do more because storage is statically allocated for now.
- * (for compatibility reasons.. this will change).
+ * (for compatibility reasons.. this will change. When this changes, code should
+ * be refactored to protocol independent parts and protocol dependent parts,
+ * probably hanging of domain(9) specific storage to not need the full
+ * fib * af RNH allocation etc. but allow tuning the number of tables per
+ * address family).
  */
 TUNABLE_INT("net.fibs", &rt_numfibs);
 
@@ -82,6 +87,9 @@ TUNABLE_INT("net.fibs", &rt_numfibs);
  * changes for the FIB of the caller when adding a new set of addresses
  * to an interface.  XXX this is a shotgun aproach to a problem that needs
  * a more fine grained solution.. that will come.
+ * XXX also has the problems getting the FIB from curthread which will not
+ * always work given the fib can be overridden and prefixes can be added
+ * from the network stack context.
  */
 u_int rt_add_addr_allfibs = 1;
 SYSCTL_UINT(_net, OID_AUTO, add_addr_allfibs, CTLFLAG_RW,
@@ -196,27 +204,23 @@ vnet_route_init(const void *unused __unu
 	V_rtzone = uma_zcreate("rtentry", sizeof(struct rtentry), NULL, NULL,
 	    NULL, NULL, UMA_ALIGN_PTR, 0);
 	for (dom = domains; dom; dom = dom->dom_next) {
-		if (dom->dom_rtattach)  {
-			for  (table = 0; table < rt_numfibs; table++) {
-				if ( (fam = dom->dom_family) == AF_INET ||
-				    table == 0) {
- 			        	/* for now only AF_INET has > 1 table */
-					/* XXX MRT 
-					 * rtattach will be also called
-					 * from vfs_export.c but the
-					 * offset will be 0
-					 * (only for AF_INET and AF_INET6
-					 * which don't need it anyhow)
-					 */
-					rnh = rt_tables_get_rnh_ptr(table, fam);
-					if (rnh == NULL)
-						panic("%s: rnh NULL", __func__);
-					dom->dom_rtattach((void **)rnh,
-				    	    dom->dom_rtoffset);
-				} else {
-					break;
-				}
-			}
+		if (dom->dom_rtattach == NULL)
+			continue;
+
+		for  (table = 0; table < rt_numfibs; table++) {
+			fam = dom->dom_family;
+			if (table != 0 && fam != AF_INET6 && fam != AF_INET)
+				break;
+
+			/*
+			 * XXX MRT rtattach will be also called from
+			 * vfs_export.c but the offset will be 0 (only for
+			 * AF_INET and AF_INET6 which don't need it anyhow).
+			 */
+			rnh = rt_tables_get_rnh_ptr(table, fam);
+			if (rnh == NULL)
+				panic("%s: rnh NULL", __func__);
+			dom->dom_rtattach((void **)rnh, dom->dom_rtoffset);
 		}
 	}
 }
@@ -233,20 +237,19 @@ vnet_route_uninit(const void *unused __u
 	struct radix_node_head **rnh;
 
 	for (dom = domains; dom; dom = dom->dom_next) {
-		if (dom->dom_rtdetach) {
-			for (table = 0; table < rt_numfibs; table++) {
-				if ( (fam = dom->dom_family) == AF_INET ||
-				    table == 0) {
-					/* For now only AF_INET has > 1 tbl. */
-					rnh = rt_tables_get_rnh_ptr(table, fam);
-					if (rnh == NULL)
-						panic("%s: rnh NULL", __func__);
-					dom->dom_rtdetach((void **)rnh,
-					    dom->dom_rtoffset);
-				} else {
-					break;
-				}
-			}
+		if (dom->dom_rtdetach == NULL)
+			continue;
+
+		for (table = 0; table < rt_numfibs; table++) {
+			fam = dom->dom_family;
+
+			if (table != 0 && fam != AF_INET6 && fam != AF_INET)
+				break;
+
+			rnh = rt_tables_get_rnh_ptr(table, fam);
+			if (rnh == NULL)
+				panic("%s: rnh NULL", __func__);
+			dom->dom_rtdetach((void **)rnh, dom->dom_rtoffset);
 		}
 	}
 }
@@ -274,7 +277,8 @@ sys_setfib(struct thread *td, struct set
 void
 rtalloc(struct route *ro)
 {
-	rtalloc_ign_fib(ro, 0UL, 0);
+
+	rtalloc_ign_fib(ro, 0UL, RT_DEFAULT_FIB);
 }
 
 void
@@ -294,7 +298,7 @@ rtalloc_ign(struct route *ro, u_long ign
 		RTFREE(rt);
 		ro->ro_rt = NULL;
 	}
-	ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, ignore, 0);
+	ro->ro_rt = rtalloc1_fib(&ro->ro_dst, 1, ignore, RT_DEFAULT_FIB);
 	if (ro->ro_rt)
 		RT_UNLOCK(ro->ro_rt);
 }
@@ -324,7 +328,8 @@ rtalloc_ign_fib(struct route *ro, u_long
 struct rtentry *
 rtalloc1(struct sockaddr *dst, int report, u_long ignflags)
 {
-	return (rtalloc1_fib(dst, report, ignflags, 0));
+
+	return (rtalloc1_fib(dst, report, ignflags, RT_DEFAULT_FIB));
 }
 
 struct rtentry *
@@ -339,8 +344,15 @@ rtalloc1_fib(struct sockaddr *dst, int r
 	int needlock;
 
 	KASSERT((fibnum < rt_numfibs), ("rtalloc1_fib: bad fibnum"));
-	if (dst->sa_family != AF_INET)	/* Only INET supports > 1 fib now */
-		fibnum = 0;
+	switch (dst->sa_family) {
+	case AF_INET6:
+	case AF_INET:
+		/* We support multiple FIBs. */
+		break;
+	default:
+		fibnum = RT_DEFAULT_FIB;
+		break;
+	}
 	rnh = rt_tables_get_rnh(fibnum, dst->sa_family);
 	newrt = NULL;
 	if (rnh == NULL)
@@ -486,7 +498,8 @@ rtredirect(struct sockaddr *dst,
 	int flags,
 	struct sockaddr *src)
 {
-	rtredirect_fib(dst, gateway, netmask, flags, src, 0);
+
+	rtredirect_fib(dst, gateway, netmask, flags, src, RT_DEFAULT_FIB);
 }
 
 void
@@ -617,7 +630,8 @@ out:
 int
 rtioctl(u_long req, caddr_t data)
 {
-	return (rtioctl_fib(req, data, 0));
+
+	return (rtioctl_fib(req, data, RT_DEFAULT_FIB));
 }
 
 /*
@@ -647,7 +661,8 @@ rtioctl_fib(u_long req, caddr_t data, u_
 struct ifaddr *
 ifa_ifwithroute(int flags, struct sockaddr *dst, struct sockaddr *gateway)
 {
-	return (ifa_ifwithroute_fib(flags, dst, gateway, 0));
+
+	return (ifa_ifwithroute_fib(flags, dst, gateway, RT_DEFAULT_FIB));
 }
 
 struct ifaddr *
@@ -732,7 +747,9 @@ rtrequest(int req,
 	int flags,
 	struct rtentry **ret_nrt)
 {
-	return (rtrequest_fib(req, dst, gateway, netmask, flags, ret_nrt, 0));
+
+	return (rtrequest_fib(req, dst, gateway, netmask, flags, ret_nrt,
+	    RT_DEFAULT_FIB));
 }
 
 int
@@ -771,7 +788,8 @@ rtrequest_fib(int req,
 int
 rt_getifa(struct rt_addrinfo *info)
 {
-	return (rt_getifa_fib(info, 0));
+
+	return (rt_getifa_fib(info, RT_DEFAULT_FIB));
 }
 
 /*
@@ -1029,8 +1047,16 @@ rtrequest1_fib(int req, struct rt_addrin
 #define senderr(x) { error = x ; goto bad; }
 
 	KASSERT((fibnum < rt_numfibs), ("rtrequest1_fib: bad fibnum"));
-	if (dst->sa_family != AF_INET)	/* Only INET supports > 1 fib now */
-		fibnum = 0;
+	switch (dst->sa_family) {
+	case AF_INET6:
+	case AF_INET:
+		/* We support multiple FIBs. */
+		break;
+	default:
+		fibnum = RT_DEFAULT_FIB;
+		break;
+	}
+
 	/*
 	 * Find the correct routing tree to use for this Address Family
 	 */
@@ -1136,8 +1162,7 @@ rtrequest1_fib(int req, struct rt_addrin
 		rt->rt_flags = RTF_UP | flags;
 		rt->rt_fibnum = fibnum;
 		/*
-		 * Add the gateway. Possibly re-malloc-ing the storage for it
-		 * 
+		 * Add the gateway. Possibly re-malloc-ing the storage for it.
 		 */
 		RT_LOCK(rt);
 		if ((error = rt_setgate(rt, dst, gateway)) != 0) {
@@ -1186,12 +1211,15 @@ rtrequest1_fib(int req, struct rt_addrin
 
 #ifdef FLOWTABLE
 		rt0 = NULL;
-		/* XXX
-		 * "flow-table" only support IPv4 at the moment.
-		 * XXX-BZ as of r205066 it would support IPv6.
-		 */
+		/* "flow-table" only supports IPv6 and IPv4 at the moment. */
+		switch (dst->sa_family) {
+#ifdef INET6
+		case AF_INET6:
+#endif
 #ifdef INET
-		if (dst->sa_family == AF_INET) {
+		case AF_INET:
+#endif
+#if defined(INET6) || defined(INET)
 			rn = rnh->rnh_matchaddr(dst, rnh);
 			if (rn && ((rn->rn_flags & RNF_ROOT) == 0)) {
 				struct sockaddr *mask;
@@ -1230,9 +1258,9 @@ rtrequest1_fib(int req, struct rt_addrin
 					}
 				}
 			}
+#endif/* INET6 || INET */
 		}
-#endif
-#endif
+#endif /* FLOWTABLE */
 
 		/* XXX mtu manipulation will be done in rnh_addaddr -- itojun */
 		rn = rnh->rnh_addaddr(ndst, netmask, rnh, rt->rt_nodes);
@@ -1254,9 +1282,18 @@ rtrequest1_fib(int req, struct rt_addrin
 		} 
 #ifdef FLOWTABLE
 		else if (rt0 != NULL) {
+			switch (dst->sa_family) {
+#ifdef INET6
+			case AF_INET6:
+				flowtable_route_flush(V_ip6_ft, rt0);
+				break;
+#endif
 #ifdef INET
-			flowtable_route_flush(V_ip_ft, rt0);
+			case AF_INET:
+				flowtable_route_flush(V_ip_ft, rt0);
+				break;
 #endif
+			}
 			RTFREE(rt0);
 		}
 #endif
@@ -1388,8 +1425,17 @@ rtinit1(struct ifaddr *ifa, int cmd, int
 		dst = ifa->ifa_addr;
 		netmask = ifa->ifa_netmask;
 	}
-	if ( dst->sa_family != AF_INET)
-		fibnum = 0;
+	if (dst->sa_len == 0)
+		return(EINVAL);
+	switch (dst->sa_family) {
+	case AF_INET6:
+	case AF_INET:
+		/* We support multiple FIBs. */
+		break;
+	default:
+		fibnum = RT_DEFAULT_FIB;
+		break;
+	}
 	if (fibnum == -1) {
 		if (rt_add_addr_allfibs == 0 && cmd == (int)RTM_ADD) {
 			startfib = endfib = curthread->td_proc->p_fibnum;
@@ -1402,8 +1448,6 @@ rtinit1(struct ifaddr *ifa, int cmd, int
 		startfib = fibnum;
 		endfib = fibnum;
 	}
-	if (dst->sa_len == 0)
-		return(EINVAL);
 
 	/*
 	 * If it's a delete, check that if it exists,
@@ -1427,9 +1471,7 @@ rtinit1(struct ifaddr *ifa, int cmd, int
 	 * Now go through all the requested tables (fibs) and do the
 	 * requested action. Realistically, this will either be fib 0
 	 * for protocols that don't do multiple tables or all the
-	 * tables for those that do. XXX For this version only AF_INET.
-	 * When that changes code should be refactored to protocol
-	 * independent parts and protocol dependent parts.
+	 * tables for those that do.
 	 */
 	for ( fibnum = startfib; fibnum <= endfib; fibnum++) {
 		if (cmd == RTM_DELETE) {
@@ -1569,12 +1611,14 @@ rtinit1(struct ifaddr *ifa, int cmd, int
 	return (error);
 }
 
+#ifndef BURN_BRIDGES
 /* special one for inet internal use. may not use. */
 int
 rtinit_fib(struct ifaddr *ifa, int cmd, int flags)
 {
 	return (rtinit1(ifa, cmd, flags, -1));
 }
+#endif
 
 /*
  * Set up a routing table entry, normally
@@ -1584,7 +1628,7 @@ int
 rtinit(struct ifaddr *ifa, int cmd, int flags)
 {
 	struct sockaddr *dst;
-	int fib = 0;
+	int fib = RT_DEFAULT_FIB;
 
 	if (flags & RTF_HOST) {
 		dst = ifa->ifa_dstaddr;
@@ -1592,7 +1636,12 @@ rtinit(struct ifaddr *ifa, int cmd, int 
 		dst = ifa->ifa_addr;
 	}
 
-	if (dst->sa_family == AF_INET)
+	switch (dst->sa_family) {
+	case AF_INET6:
+	case AF_INET:
+		/* We do support multiple FIBs. */
 		fib = -1;
+		break;
+	}
 	return (rtinit1(ifa, cmd, flags, fib));
 }

Modified: stable/9/sys/net/route.h
==============================================================================
--- stable/9/sys/net/route.h	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/net/route.h	Wed Feb 29 09:47:26 2012	(r232292)
@@ -111,6 +111,7 @@ struct rt_metrics {
  #endif
 #endif
 
+#define	RT_DEFAULT_FIB	0	/* Explicitly mark fib=0 restricted cases */
 extern u_int rt_numfibs;	/* number fo usable routing tables */
 /*
  * XXX kernel function pointer `rt_output' is visible to applications.
@@ -405,8 +406,10 @@ void	 rtredirect(struct sockaddr *, stru
 int	 rtrequest(int, struct sockaddr *,
 	    struct sockaddr *, struct sockaddr *, int, struct rtentry **);
 
+#ifndef BURN_BRIDGES
 /* defaults to "all" FIBs */
 int	 rtinit_fib(struct ifaddr *, int, int);
+#endif
 
 /* XXX MRT NEW VERSIONS THAT USE FIBs
  * For now the protocol indepedent versions are the same as the AF_INET ones

Modified: stable/9/sys/netinet/in.c
==============================================================================
--- stable/9/sys/netinet/in.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/netinet/in.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -938,7 +938,7 @@ in_ifinit(struct ifnet *ifp, struct in_i
 
 		bzero(&ia_ro, sizeof(ia_ro));
 		*((struct sockaddr_in *)(&ia_ro.ro_dst)) = ia->ia_addr;
-		rtalloc_ign_fib(&ia_ro, 0, 0);
+		rtalloc_ign_fib(&ia_ro, 0, RT_DEFAULT_FIB);
 		if ((ia_ro.ro_rt != NULL) && (ia_ro.ro_rt->rt_ifp != NULL) &&
 		    (ia_ro.ro_rt->rt_ifp == V_loif)) {
 			RT_LOCK(ia_ro.ro_rt);

Modified: stable/9/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- stable/9/sys/netinet/ipfw/ip_fw2.c	Wed Feb 29 07:33:07 2012	(r232291)
+++ stable/9/sys/netinet/ipfw/ip_fw2.c	Wed Feb 29 09:47:26 2012	(r232292)
@@ -496,7 +496,7 @@ search_ip6_addr_net (struct in6_addr * i
 }
 
 static int
-verify_path6(struct in6_addr *src, struct ifnet *ifp)
+verify_path6(struct in6_addr *src, struct ifnet *ifp, u_int fib)
 {

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202290947.q1T9lRDV019249>