From cd895dac374d8513f51626a2d3fbeedfd44479ae Mon Sep 17 00:00:00 2001
From: bz <bz@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Fri, 10 Feb 2012 06:42:00 +0000
Subject: [PATCH] MFC r223735:

 Add infrastructure to allow all frames/packets received on an interface
 to be assigned to a non-default FIB instance.

 Submitted by:	cjsp
 Submitted by:	Alexander V. Chernikov (melifaro ipfw.ru)
 		(original versions)
 Reviewed by:	julian
 Reviewed by:	Alexander V. Chernikov (melifaro ipfw.ru)

Reviewed by:	melifaro


git-svn-id: svn://svn.freebsd.org/base/stable/8@231346 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sbin/ifconfig/Makefile   |   1 +
 sbin/ifconfig/ifconfig.8 |  13 +++++
 sbin/ifconfig/iffib.c    | 103 +++++++++++++++++++++++++++++++++++++++
 share/man/man9/ifnet.9   |  11 ++++-
 sys/kern/kern_jail.c     |   1 +
 sys/net/if.c             |  16 ++++++
 sys/net/if.h             |   2 +
 sys/net/if_debug.c       |   1 +
 sys/net/if_var.h         |   3 +-
 sys/sys/priv.h           |   1 +
 sys/sys/sockio.h         |   3 ++
 11 files changed, 152 insertions(+), 3 deletions(-)
 create mode 100644 sbin/ifconfig/iffib.c

diff --git a/sbin/ifconfig/Makefile b/sbin/ifconfig/Makefile
index 367ad9c3b..e98547f5d 100644
--- a/sbin/ifconfig/Makefile
+++ b/sbin/ifconfig/Makefile
@@ -23,6 +23,7 @@ SRCS+=	af_nd6.c		# ND6 support
 SRCS+=	ifclone.c		# clone device support
 SRCS+=	ifmac.c			# MAC support
 SRCS+=	ifmedia.c		# SIOC[GS]IFMEDIA support
+SRCS+=	iffib.c			# non-default FIB support
 SRCS+=	ifvlan.c		# SIOC[GS]ETVLAN support
 SRCS+=	ifgre.c			# GRE keys etc
 SRCS+=	ifgif.c			# GIF reversed header workaround
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index f84a7dd3e..d4f53b92b 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -294,6 +294,19 @@ Remove the interface from the given
 Fill interface index
 (lowermost 64bit of an IPv6 address)
 automatically.
+.It Cm fib Ar fib_number
+Specify interface FIB.
+A FIB
+.Ar fib_number
+is assigned to all frames or packets received on that interface.
+The FIB is not inherited, e.g. vlans or other sub-interfaces will use
+the default FIB (0) irrespective of the parent interface's FIB.
+The kernel needs to be tuned to support more than the default FIB
+using the
+.Va ROUTETABLES
+kernel configuration option, or the
+.Va net.fibs
+tunable.
 .It Cm ipdst
 This is used to specify an Internet host who is willing to receive
 IP packets encapsulating IPX packets bound for a remote network.
diff --git a/sbin/ifconfig/iffib.c b/sbin/ifconfig/iffib.c
new file mode 100644
index 000000000..f3498b42e
--- /dev/null
+++ b/sbin/ifconfig/iffib.c
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 2011 Alexander V. Chernikov
+ * Copyright (c) 2011 Christian S.J. Peron
+ * Copyright (c) 2011 Bjoern A. Zeeb
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+
+#include <net/if.h>
+#include <net/route.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <err.h>
+
+#include "ifconfig.h"
+
+static void
+fib_status(int s)
+{
+	struct ifreq ifr;
+
+	memset(&ifr, 0, sizeof(ifr));
+	strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+
+	if (ioctl(s, SIOCGIFFIB, (caddr_t)&ifr) < 0)
+		return;
+
+	/* Ignore if it is the default. */
+	if (ifr.ifr_fib == 0)
+		return;
+
+	printf("\tfib: %u\n", ifr.ifr_fib);
+}
+
+static void
+setiffib(const char *val, int dummy __unused, int s,
+    const struct afswtch *afp)
+{
+	unsigned long fib;
+	char *ep;
+
+	fib = strtoul(val, &ep, 0);
+	if (*ep != '\0' || fib > UINT_MAX) {
+		warn("fib %s not valid", val);
+		return;
+	}
+
+	strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name));
+	ifr.ifr_fib = fib;
+	if (ioctl(s, SIOCSIFFIB, (caddr_t)&ifr) < 0)
+		warn("ioctl (SIOCSIFFIB)");
+}
+
+static struct cmd fib_cmds[] = {
+	DEF_CMD_ARG("fib", setiffib),
+};
+
+static struct afswtch af_fib = {
+	.af_name	= "af_fib",
+	.af_af		= AF_UNSPEC,
+	.af_other_status = fib_status,
+};
+
+static __constructor void
+fib_ctor(void)
+{
+#define	N(a)	(sizeof(a) / sizeof(a[0]))
+	size_t i;
+
+	for (i = 0; i < N(fib_cmds);  i++)
+		cmd_register(&fib_cmds[i]);
+	af_register(&af_fib);
+#undef N
+}
diff --git a/share/man/man9/ifnet.9 b/share/man/man9/ifnet.9
index 96b2f00bf..57944f62c 100644
--- a/share/man/man9/ifnet.9
+++ b/share/man/man9/ifnet.9
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 14, 2007
+.Dd July 3, 2011
 .Dt IFNET 9
 .Os
 .Sh NAME
@@ -1156,11 +1156,12 @@ list.
 Caller must have appropriate privilege.
 (No call-down to driver.)
 .It Dv SIOCGIFCAP
+.It Dv SIOCGIFFIB
 .It Dv SIOCGIFFLAGS
 .It Dv SIOCGIFMETRIC
 .It Dv SIOCGIFMTU
 .It Dv SIOCGIFPHYS
-Get interface capabilities, flags, metric, MTU, medium selection.
+Get interface capabilities, FIB, flags, metric, MTU, medium selection.
 (No call-down to driver.)
 .Pp
 .It Dv SIOCSIFCAP
@@ -1179,6 +1180,12 @@ and
 .Va if_data.ifi_hwassist
 appropriately.
 .Pp
+.It Dv SIOCSIFFIB
+Sets interface FIB.
+Caller must have appropriate privilege.
+FIB values start at 0 and values greater or equals than
+.Va net.fibs
+are considered invalid.
 .It Dv SIOCSIFFLAGS
 Change interface flags.
 Caller must have appropriate privilege.
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 2f745aaea..955be47b4 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3620,6 +3620,7 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_NET_LAGG:
 	case PRIV_NET_GIF:
 	case PRIV_NET_SETIFVNET:
+	case PRIV_NET_SETIFFIB:
 
 		/*
 		 * 802.11-related privileges.
diff --git a/sys/net/if.c b/sys/net/if.c
index b314a3ebf..b950e002f 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -58,6 +58,8 @@
 #include <sys/taskqueue.h>
 #include <sys/domain.h>
 #include <sys/jail.h>
+#include <sys/priv.h>
+
 #include <machine/stdarg.h>
 #include <vm/uma.h>
 
@@ -2195,6 +2197,20 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		free(odescrbuf, M_IFDESCR);
 		break;
 
+	case SIOCGIFFIB:
+		ifr->ifr_fib = ifp->if_fib;
+		break;
+
+	case SIOCSIFFIB:
+		error = priv_check(td, PRIV_NET_SETIFFIB);
+		if (error)
+			return (error);
+		if (ifr->ifr_fib >= rt_numfibs)
+			return (EINVAL);
+
+		ifp->if_fib = ifr->ifr_fib;
+		break;
+
 	case SIOCSIFFLAGS:
 		error = priv_check(td, PRIV_NET_SETIFFLAGS);
 		if (error)
diff --git a/sys/net/if.h b/sys/net/if.h
index d291da85f..9adea0ae9 100644
--- a/sys/net/if.h
+++ b/sys/net/if.h
@@ -315,6 +315,7 @@ struct	ifreq {
 		int	ifru_media;
 		caddr_t	ifru_data;
 		int	ifru_cap[2];
+		u_int	ifru_fib;
 	} ifr_ifru;
 #define	ifr_addr	ifr_ifru.ifru_addr	/* address */
 #define	ifr_dstaddr	ifr_ifru.ifru_dstaddr	/* other end of p-to-p link */
@@ -331,6 +332,7 @@ struct	ifreq {
 #define	ifr_reqcap	ifr_ifru.ifru_cap[0]	/* requested capabilities */
 #define	ifr_curcap	ifr_ifru.ifru_cap[1]	/* current capabilities */
 #define	ifr_index	ifr_ifru.ifru_index	/* interface index */
+#define	ifr_fib		ifr_ifru.ifru_fib	/* interface fib */
 };
 
 #define	_SIZEOF_ADDR_IFREQ(ifr) \
diff --git a/sys/net/if_debug.c b/sys/net/if_debug.c
index 4be9beaa6..e73ac8955 100644
--- a/sys/net/if_debug.c
+++ b/sys/net/if_debug.c
@@ -86,6 +86,7 @@ if_show_ifnet(struct ifnet *ifp)
 	IF_DB_PRINTF("%d", if_snd.ifq_drv_maxlen);
 	IF_DB_PRINTF("%d", if_snd.altq_type);
 	IF_DB_PRINTF("%x", if_snd.altq_flags);
+	IF_DB_PRINTF("%u", if_fib);
 #undef IF_DB_PRINTF
 }
 
diff --git a/sys/net/if_var.h b/sys/net/if_var.h
index bb95ea765..c39591e22 100644
--- a/sys/net/if_var.h
+++ b/sys/net/if_var.h
@@ -207,7 +207,8 @@ struct ifnet {
 	char	if_cspare[3];
 	char	*if_description;	/* interface description */
 	void	*if_pspare[7];
-	int	if_ispare[4];
+	int	if_ispare[3];
+	u_int	if_fib;			/* interface FIB */
 };
 
 typedef void if_init_f_t(void *);
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 44d1d9422..9955e5bf6 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -336,6 +336,7 @@
 #define	PRIV_NET_GIF		416	/* Administer gif interface. */
 #define	PRIV_NET_SETIFVNET	417	/* Move interface to vnet. */
 #define	PRIV_NET_SETIFDESCR	418	/* Set interface description. */
+#define	PRIV_NET_SETIFFIB	419	/* Set interface fib. */
 
 /*
  * 802.11-related privileges.
diff --git a/sys/sys/sockio.h b/sys/sys/sockio.h
index 4c1c4839c..892269905 100644
--- a/sys/sys/sockio.h
+++ b/sys/sys/sockio.h
@@ -110,6 +110,9 @@
 #define	SIOCSIFVNET	_IOWR('i', 90, struct ifreq)	/* move IF jail/vnet */
 #define	SIOCSIFRVNET	_IOWR('i', 91, struct ifreq)	/* reclaim vnet IF */
 
+#define	SIOCGIFFIB	_IOWR('i', 92, struct ifreq)	/* get IF fib */
+#define	SIOCSIFFIB	 _IOW('i', 93, struct ifreq)	/* set IF fib */
+
 #define	SIOCSDRVSPEC	_IOW('i', 123, struct ifdrv)	/* set driver-specific
 								  parameters */
 #define	SIOCGDRVSPEC	_IOWR('i', 123, struct ifdrv)	/* get driver-specific
-- 
2.45.2