Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:

Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.

This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.

Sponsored by:	Cisco Systems, Inc.
Reviewed by:	melifaro (basically)
MFC after:	10 days

2 files changed, 37 insertions, 8 deletions

diff --git a/contrib/netcat/netcat.c b/contrib/netcat/netcat.c
index 9b9017d..bee0fa6 100644
--- a/contrib/netcat/netcat.c
+++ b/contrib/netcat/netcat.c
@@ -605,8 +605,10 @@ remote_connect(const char *host, const char *port, struct addrinfo hints)
 #endif
 
 		if (rtableid) {
-			if (setfib(rtableid) == -1)
-				err(1, "setfib");
+			if (setsockopt(s, SOL_SOCKET, SO_SETFIB, &rtableid,
+			    sizeof(rtableid)) == -1)
+				err(1, "setsockopt(.., SO_SETFIB, %u, ..)",
+				    rtableid);
 		}
 
 		/* Bind to a local port or source address if specified. */
@@ -678,8 +680,11 @@ local_listen(char *host, char *port, struct addrinfo hints)
 			continue;
 
 		if (rtableid) {
-			if (setfib(rtableid) == -1)
-				err(1, "setfib");
+			ret = setsockopt(s, SOL_SOCKET, SO_SETFIB, &rtableid,
+			    sizeof(rtableid));
+			if (ret == -1)
+				err(1, "setsockopt(.., SO_SETFIB, %u, ..)",
+				    rtableid);
 		}
 
 		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
diff --git a/contrib/pf/pfctl/parse.y b/contrib/pf/pfctl/parse.y
index 440692e..f798cac 100644
--- a/contrib/pf/pfctl/parse.y
+++ b/contrib/pf/pfctl/parse.y
@@ -33,6 +33,9 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif
 #include <net/if.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -335,6 +338,7 @@ int		 expand_skip_interface(struct node_if *);
 int	 check_rulestate(int);
 int	 getservice(char *);
 int	 rule_label(struct pf_rule *, char *);
+int	 rt_tableid_max(void);
 
 void	 mv_rules(struct pf_ruleset *, struct pf_ruleset *);
 void	 decide_address_family(struct node_host *, sa_family_t *);
@@ -1174,7 +1178,7 @@ scrub_opt	: NODF	{
 			scrub_opts.randomid = 1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -1322,7 +1326,7 @@ antispoof_opt	: label	{
 			antispoof_opts.label = $1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -2361,7 +2365,7 @@ filter_opt	: USER uids {
 				filter_opts.prob = 1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -4190,7 +4194,7 @@ tagged		: /* empty */		{ $$.neg = 0; $$.name = NULL; }
 
 rtable		: /* empty */		{ $$ = -1; }
 		| RTABLE NUMBER		{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -6051,3 +6055,23 @@ pfctl_load_anchors(int dev, struct pfctl *pf, struct pfr_buffer *trans)
 
 	return (0);
 }
+
+int
+rt_tableid_max(void)
+{
+#ifdef __FreeBSD__
+	int fibs;
+	size_t l = sizeof(fibs);
+
+        if (sysctlbyname("net.fibs", &fibs, &l, NULL, 0) == -1)
+		fibs = 16;	/* XXX RT_MAXFIBS, at least limit it some. */
+	/*
+	 * As the OpenBSD code only compares > and not >= we need to adjust
+	 * here given we only accept values of 0..n and want to avoid #ifdefs
+	 * in the grammer.
+	 */
+	return (fibs - 1);
+#else
+	return (RT_TABLEID_MAX);
+#endif
+}