Index: sys/netinet6/icmp6.c =================================================================== --- sys/netinet6/icmp6.c (revision 306271) +++ sys/netinet6/icmp6.c (working copy) @@ -748,36 +748,19 @@ goto badcode; if (icmp6len < sizeof(struct nd_router_solicit)) goto badlen; - if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) { - /* give up local */ - - /* Send incoming SeND packet to user space. */ - if (send_sendso_input_hook != NULL) { - IP6_EXTHDR_CHECK(m, off, - icmp6len, IPPROTO_DONE); - error = send_sendso_input_hook(m, ifp, - SND_IN, ip6len); - /* -1 == no app on SEND socket */ - if (error == 0) - return (IPPROTO_DONE); - nd6_rs_input(m, off, icmp6len); - } else - nd6_rs_input(m, off, icmp6len); - m = NULL; - goto freeit; - } if (send_sendso_input_hook != NULL) { - IP6_EXTHDR_CHECK(n, off, - icmp6len, IPPROTO_DONE); - error = send_sendso_input_hook(n, ifp, - SND_IN, ip6len); - if (error == 0) + IP6_EXTHDR_CHECK(m, off, icmp6len, IPPROTO_DONE); + error = send_sendso_input_hook(m, ifp, SND_IN, ip6len); + if (error == 0) { + m = NULL; goto freeit; - /* -1 == no app on SEND socket */ - nd6_rs_input(n, off, icmp6len); - } else - nd6_rs_input(n, off, icmp6len); - /* m stays. */ + } + } + n = m_copym(m, 0, M_COPYALL, M_NOWAIT); + nd6_rs_input(m, off, icmp6len); + m = n; + if (m == NULL) + goto freeit; break; case ND_ROUTER_ADVERT: @@ -786,29 +769,18 @@ goto badcode; if (icmp6len < sizeof(struct nd_router_advert)) goto badlen; - if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) { - - /* Send incoming SeND-protected/ND packet to user space. */ - if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(m, ifp, - SND_IN, ip6len); - if (error == 0) - return (IPPROTO_DONE); - nd6_ra_input(m, off, icmp6len); - } else - nd6_ra_input(m, off, icmp6len); - m = NULL; - goto freeit; - } if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(n, ifp, - SND_IN, ip6len); - if (error == 0) + error = send_sendso_input_hook(m, ifp, SND_IN, ip6len); + if (error == 0) { + m = NULL; goto freeit; - nd6_ra_input(n, off, icmp6len); - } else - nd6_ra_input(n, off, icmp6len); - /* m stays. */ + } + } + n = m_copym(m, 0, M_COPYALL, M_NOWAIT); + nd6_ra_input(m, off, icmp6len); + m = n; + if (m == NULL) + goto freeit; break; case ND_NEIGHBOR_SOLICIT: @@ -817,27 +789,18 @@ goto badcode; if (icmp6len < sizeof(struct nd_neighbor_solicit)) goto badlen; - if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) { - if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(m, ifp, - SND_IN, ip6len); - if (error == 0) - return (IPPROTO_DONE); - nd6_ns_input(m, off, icmp6len); - } else - nd6_ns_input(m, off, icmp6len); - m = NULL; - goto freeit; - } if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(n, ifp, - SND_IN, ip6len); - if (error == 0) + error = send_sendso_input_hook(m, ifp, SND_IN, ip6len); + if (error == 0) { + m = NULL; goto freeit; - nd6_ns_input(n, off, icmp6len); - } else - nd6_ns_input(n, off, icmp6len); - /* m stays. */ + } + } + n = m_copym(m, 0, M_COPYALL, M_NOWAIT); + nd6_ns_input(m, off, icmp6len); + m = n; + if (m == NULL) + goto freeit; break; case ND_NEIGHBOR_ADVERT: @@ -846,29 +809,18 @@ goto badcode; if (icmp6len < sizeof(struct nd_neighbor_advert)) goto badlen; - if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) { - - /* Send incoming SeND-protected/ND packet to user space. */ - if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(m, ifp, - SND_IN, ip6len); - if (error == 0) - return (IPPROTO_DONE); - nd6_na_input(m, off, icmp6len); - } else - nd6_na_input(m, off, icmp6len); - m = NULL; - goto freeit; - } if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(n, ifp, - SND_IN, ip6len); - if (error == 0) + error = send_sendso_input_hook(m, ifp, SND_IN, ip6len); + if (error == 0) { + m = NULL; goto freeit; - nd6_na_input(n, off, icmp6len); - } else - nd6_na_input(n, off, icmp6len); - /* m stays. */ + } + } + n = m_copym(m, 0, M_COPYALL, M_NOWAIT); + nd6_na_input(m, off, icmp6len); + m = n; + if (m == NULL) + goto freeit; break; case ND_REDIRECT: @@ -877,27 +829,18 @@ goto badcode; if (icmp6len < sizeof(struct nd_redirect)) goto badlen; - if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) { - if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(m, ifp, - SND_IN, ip6len); - if (error == 0) - return (IPPROTO_DONE); - icmp6_redirect_input(m, off); - } else - icmp6_redirect_input(m, off); - m = NULL; - goto freeit; - } if (send_sendso_input_hook != NULL) { - error = send_sendso_input_hook(n, ifp, - SND_IN, ip6len); - if (error == 0) + error = send_sendso_input_hook(m, ifp, SND_IN, ip6len); + if (error == 0) { + m = NULL; goto freeit; - icmp6_redirect_input(n, off); - } else - icmp6_redirect_input(n, off); - /* m stays. */ + } + } + n = m_copym(m, 0, M_COPYALL, M_NOWAIT); + icmp6_redirect_input(m, off); + m = n; + if (m == NULL) + goto freeit; break; case ICMP6_ROUTER_RENUMBERING: Index: sys/netinet6/in6.c =================================================================== --- sys/netinet6/in6.c (revision 306271) +++ sys/netinet6/in6.c (working copy) @@ -724,10 +724,10 @@ /* add the prefix if not yet. */ if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { /* - * nd6_prelist_add will install the corresponding + * nd6_prefix_add will install the corresponding * interface route. */ - if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) { + if ((error = nd6_prefix_add(&pr0, NULL, &pr)) != 0) { if (carp_attached) (*carp_detach_p)(&ia->ia_ifa); goto out; @@ -737,7 +737,7 @@ /* relate the address to the prefix */ if (ia->ia6_ndpr == NULL) { ia->ia6_ndpr = pr; - pr->ndpr_refcnt++; + pr->ndpr_addrcnt++; /* * If this is the first autoconf address from the @@ -745,7 +745,7 @@ * (when required). */ if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && - V_ip6_use_tempaddr && pr->ndpr_refcnt == 1) { + V_ip6_use_tempaddr && pr->ndpr_addrcnt == 1) { int e; if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { log(LOG_NOTICE, "in6_control: failed " @@ -754,6 +754,7 @@ } } } + nd6_prefix_rele(pr); /* * this might affect the status of autoconfigured addresses, @@ -798,12 +799,16 @@ * and the prefix management. We do this, however, to provide * as much backward compatibility as possible in terms of * the ioctl operation. - * Note that in6_purgeaddr() will decrement ndpr_refcnt. + * Note that in6_purgeaddr() will decrement ndpr_addrcnt. */ pr = ia->ia6_ndpr; in6_purgeaddr(&ia->ia_ifa); - if (pr && pr->ndpr_refcnt == 0) - prelist_remove(pr); + if (pr != NULL && pr->ndpr_addrcnt == 0) { + ND6_WLOCK(); + nd6_prefix_unlink(pr, NULL); + ND6_WUNLOCK(); + nd6_prefix_del(pr); + } EVENTHANDLER_INVOKE(ifaddr_event, ifp); break; } @@ -1555,7 +1560,7 @@ "in6_unlink_ifa: autoconf'ed address " "%s has no prefix\n", ip6_sprintf(ip6buf, IA6_IN6(ia)))); } else { - ia->ia6_ndpr->ndpr_refcnt--; + ia->ia6_ndpr->ndpr_addrcnt--; ia->ia6_ndpr = NULL; } Index: sys/netinet6/in6_ifattach.c =================================================================== --- sys/netinet6/in6_ifattach.c (revision 306271) +++ sys/netinet6/in6_ifattach.c (working copy) @@ -454,6 +454,7 @@ struct in6_ifaddr *ia; struct in6_aliasreq ifra; struct nd_prefixctl pr0; + struct nd_prefix *pr; int i, error; /* @@ -550,10 +551,11 @@ * address, and then reconfigure another one, the prefix is still * valid with referring to the old link-local address. */ - if (nd6_prefix_lookup(&pr0) == NULL) { - if ((error = nd6_prelist_add(&pr0, NULL, NULL)) != 0) + if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { + if ((error = nd6_prefix_add(&pr0, NULL, NULL)) != 0) return (error); - } + } else + nd6_prefix_rele(pr); return 0; } @@ -806,9 +808,6 @@ if (ifp->if_afdata[AF_INET6] == NULL) return; - /* remove neighbor management table */ - nd6_purge(ifp); - /* nuke any of IPv6 addresses we have */ TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) { if (ifa->ifa_addr->sa_family != AF_INET6) @@ -856,12 +855,10 @@ in6_purgemaddrs(ifp); /* - * remove neighbor management table. we call it twice just to make - * sure we nuke everything. maybe we need just one call. - * XXX: since the first call did not release addresses, some prefixes - * might remain. We should call nd6_purge() again to release the - * prefixes after removing all addresses above. - * (Or can we just delay calling nd6_purge until at this point?) + * Remove neighbor management table. + * Enabling the nd6_purge will panic on vmove for interfaces on VNET + * teardown as the IPv6 layer is cleaned up already and the locks + * are destroyed. */ nd6_purge(ifp); Index: sys/netinet6/nd6.c =================================================================== --- sys/netinet6/nd6.c (revision 306271) +++ sys/netinet6/nd6.c (working copy) @@ -39,8 +39,10 @@ #include #include #include +#include #include #include +#include #include #include #include @@ -48,7 +50,6 @@ #include #include #include -#include #include #include #include @@ -115,6 +116,8 @@ VNET_DEFINE(struct nd_drhead, nd_defrouter); VNET_DEFINE(struct nd_prhead, nd_prefix); VNET_DEFINE(struct rwlock, nd6_lock); +VNET_DEFINE(uint64_t, nd6_list_genid); +VNET_DEFINE(struct mtx, nd6_onlink_mtx); VNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL; #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval) @@ -143,11 +146,10 @@ nd6_init(void) { - rw_init(&V_nd6_lock, "nd6"); + mtx_init(&V_nd6_onlink_mtx, "nd6 onlink", NULL, MTX_DEF); + rw_init(&V_nd6_lock, "nd6 list"); LIST_INIT(&V_nd_prefix); - - /* initialization of the default router list */ TAILQ_INIT(&V_nd_defrouter); /* start timer */ @@ -614,6 +616,7 @@ { CURVNET_SET((struct vnet *) arg); struct nd_drhead drq; + struct nd_prhead prl; struct nd_defrouter *dr, *ndr; struct nd_prefix *pr, *npr; struct in6_ifaddr *ia6, *nia6; @@ -622,8 +625,8 @@ nd6_timer, curvnet); TAILQ_INIT(&drq); + LIST_INIT(&prl); - /* expire default router list */ ND6_WLOCK(); TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) if (dr->expire && dr->expire < time_uptime) @@ -730,22 +733,27 @@ } } - /* expire prefix list */ + ND6_WLOCK(); LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { /* - * check prefix lifetime. - * since pltime is just for autoconf, pltime processing for - * prefix is not necessary. + * Expire prefixes. Since the pltime is only used for + * autoconfigured addresses, pltime processing for prefixes is + * not necessary. + * + * Only unlink after all derived addresses have expired. This + * may not occur until two hours after the prefix has expired + * per RFC 4862. */ if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && - time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) { + time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime && + pr->ndpr_addrcnt == 0) + nd6_prefix_unlink(pr, &prl); + } + ND6_WUNLOCK(); - /* - * address expiration and prefix expiration are - * separate. NEVER perform in6_purgeaddr here. - */ - prelist_remove(pr); - } + while ((pr = LIST_FIRST(&prl)) != NULL) { + LIST_REMOVE(pr, ndpr_entry); + nd6_prefix_del(pr); } CURVNET_RESTORE(); } @@ -828,11 +836,14 @@ nd6_purge(struct ifnet *ifp) { struct nd_drhead drq; + struct nd_prhead prl; struct nd_defrouter *dr, *ndr; struct nd_prefix *pr, *npr; TAILQ_INIT(&drq); + LIST_INIT(&prl); + ND6_WLOCK(); /* * Nuke default router list entries toward ifp. * We defer removal of default router list entries that is installed @@ -839,7 +850,6 @@ * in the routing table, in order to keep additional side effects as * small as possible. */ - ND6_WLOCK(); TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) { if (dr->installed) continue; @@ -853,6 +863,11 @@ if (dr->ifp == ifp) defrouter_unlink(dr, &drq); } + + LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { + if (pr->ndpr_ifp == ifp) + nd6_prefix_unlink(pr, &prl); + } ND6_WUNLOCK(); while ((dr = TAILQ_FIRST(&drq)) != NULL) { @@ -860,27 +875,9 @@ defrouter_del(dr); } - /* Nuke prefix list entries toward ifp */ - LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { - if (pr->ndpr_ifp == ifp) { - /* - * Because if_detach() does *not* release prefixes - * while purging addresses the reference count will - * still be above zero. We therefore reset it to - * make sure that the prefix really gets purged. - */ - pr->ndpr_refcnt = 0; - - /* - * Previously, pr->ndpr_addr is removed as well, - * but I strongly believe we don't have to do it. - * nd6_purge() is only called from in6_ifdetach(), - * which removes all the associated interface addresses - * by itself. - * (jinmei@kame.net 20010129) - */ - prelist_remove(pr); - } + while ((pr = LIST_FIRST(&prl)) != NULL) { + LIST_REMOVE(pr, ndpr_entry); + nd6_prefix_del(pr); } /* cancel default outgoing interface setting */ @@ -891,14 +888,6 @@ /* Refresh default router list. */ defrouter_select(); } - - /* XXXXX - * We do not nuke the neighbor cache entries here any more - * because the neighbor cache is kept in if_afdata[AF_INET6]. - * nd6_purge() is invoked by in6_ifdetach() which is called - * from if_detach() where everything gets purged. So let - * in6_domifdetach() do the actual L2 table purging work. - */ } /* @@ -942,6 +931,7 @@ { struct nd_prefix *pr; struct ifaddr *dstaddr; + uint64_t genid; /* * A link-local address is always a neighbor. @@ -972,6 +962,8 @@ * If the address matches one of our on-link prefixes, it should be a * neighbor. */ + ND6_RLOCK(); +restart: LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { if (pr->ndpr_ifp != ifp) continue; @@ -979,9 +971,19 @@ if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) { struct rtentry *rt; + genid = V_nd6_list_genid; + ND6_RUNLOCK(); + /* Always use the default FIB here. */ rt = in6_rtalloc1((struct sockaddr *)&pr->ndpr_prefix, 0, 0, RT_DEFAULT_FIB); + + ND6_RLOCK(); + if (genid != V_nd6_list_genid) { + if (rt != NULL) + RTFREE_LOCKED(rt); + goto restart; + } if (rt == NULL) continue; /* @@ -1003,9 +1005,12 @@ } if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, - &addr->sin6_addr, &pr->ndpr_mask)) + &addr->sin6_addr, &pr->ndpr_mask)) { + ND6_RUNLOCK(); return (1); + } } + ND6_RUNLOCK(); /* * If the address is assigned on the node of the other side of @@ -1455,15 +1460,22 @@ case SIOCSPFXFLUSH_IN6: { /* flush all the prefix advertised by routers */ + struct in6_ifaddr *ia, *ia_next; struct nd_prefix *pr, *next; + struct nd_prhead prl; + LIST_INIT(&prl); + + ND6_WLOCK(); LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, next) { - struct in6_ifaddr *ia, *ia_next; - if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) continue; /* XXX */ + nd6_prefix_unlink(pr, &prl); + } + ND6_WUNLOCK(); - /* do we really have to remove addresses as well? */ + while ((pr = LIST_FIRST(&prl)) != NULL) { + LIST_REMOVE(pr, ndpr_entry); /* XXXRW: in6_ifaddrhead locking. */ TAILQ_FOREACH_SAFE(ia, &V_in6_ifaddrhead, ia_link, ia_next) { @@ -1473,7 +1485,7 @@ if (ia->ia6_ndpr == pr) in6_purgeaddr(&ia->ia_ifa); } - prelist_remove(pr); + nd6_prefix_del(pr); } break; } @@ -2323,7 +2335,7 @@ else p.expire = maxexpire; } - p.refcnt = pr->ndpr_refcnt; + p.refcnt = pr->ndpr_addrcnt; p.flags = pr->ndpr_stateflags; p.advrtrs = 0; LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) Index: sys/netinet6/nd6.h =================================================================== --- sys/netinet6/nd6.h (revision 306271) +++ sys/netinet6/nd6.h (working copy) @@ -259,7 +259,7 @@ struct prf_ra ndpr_flags; }; - +LIST_HEAD(nd_prhead, nd_prefix); struct nd_prefix { struct ifnet *ndpr_ifp; LIST_ENTRY(nd_prefix) ndpr_entry; @@ -278,7 +278,8 @@ /* list of routers that advertise the prefix: */ LIST_HEAD(pr_rtrhead, nd_pfxrouter) ndpr_advrtrs; u_char ndpr_plen; - int ndpr_refcnt; /* reference couter from addresses */ + int ndpr_addrcnt; /* count of derived addresses */ + volatile u_int ndpr_refcnt; }; #define ndpr_raf ndpr_flags @@ -317,8 +318,6 @@ struct nd_defrouter *router; }; -LIST_HEAD(nd_prhead, nd_prefix); - /* nd6.c */ VNET_DECLARE(int, nd6_prune); VNET_DECLARE(int, nd6_delay); @@ -345,17 +344,29 @@ /* Lock for the prefix and default router lists. */ VNET_DECLARE(struct rwlock, nd6_lock); +VNET_DECLARE(uint64_t, nd6_list_genid); #define V_nd6_lock VNET(nd6_lock) +#define V_nd6_list_genid VNET(nd6_list_genid) #define ND6_RLOCK() rw_rlock(&V_nd6_lock) #define ND6_RUNLOCK() rw_runlock(&V_nd6_lock) #define ND6_WLOCK() rw_wlock(&V_nd6_lock) #define ND6_WUNLOCK() rw_wunlock(&V_nd6_lock) +#define ND6_TRY_UPGRADE() rw_try_upgrade(&V_nd6_lock) #define ND6_WLOCK_ASSERT() rw_assert(&V_nd6_lock, RA_WLOCKED) #define ND6_RLOCK_ASSERT() rw_assert(&V_nd6_lock, RA_RLOCKED) #define ND6_LOCK_ASSERT() rw_assert(&V_nd6_lock, RA_LOCKED) #define ND6_UNLOCK_ASSERT() rw_assert(&V_nd6_lock, RA_UNLOCKED) +/* Mutex for prefix onlink/offlink transitions. */ +VNET_DECLARE(struct mtx, nd6_onlink_mtx); +#define V_nd6_onlink_mtx VNET(nd6_onlink_mtx) + +#define ND6_ONLINK_LOCK() mtx_lock(&V_nd6_onlink_mtx) +#define ND6_ONLINK_UNLOCK() mtx_unlock(&V_nd6_onlink_mtx) +#define ND6_ONLINK_LOCK_ASSERT() mtx_assert(&V_nd6_onlink_mtx, MA_OWNED) +#define ND6_ONLINK_UNLOCK_ASSERT() mtx_assert(&V_nd6_onlink_mtx, MA_NOTOWNED) + #define nd6log(x) do { if (V_nd6_debug) log x; } while (/*CONSTCOND*/ 0) VNET_DECLARE(struct callout, nd6_timer_ch); @@ -466,9 +477,12 @@ bool defrouter_remove(struct in6_addr *, struct ifnet *); void defrouter_unlink(struct nd_defrouter *, struct nd_drhead *); void defrouter_del(struct nd_defrouter *); -void prelist_remove(struct nd_prefix *); -int nd6_prelist_add(struct nd_prefixctl *, struct nd_defrouter *, - struct nd_prefix **); +int nd6_prefix_add(struct nd_prefixctl *, struct nd_defrouter *, + struct nd_prefix **); +void nd6_prefix_unlink(struct nd_prefix *, struct nd_prhead *); +void nd6_prefix_del(struct nd_prefix *); +void nd6_prefix_ref(struct nd_prefix *); +void nd6_prefix_rele(struct nd_prefix *); void pfxlist_onlink_check(void); struct nd_defrouter *defrouter_lookup(struct in6_addr *, struct ifnet *); struct nd_defrouter *defrouter_lookup_locked(struct in6_addr *, struct ifnet *); Index: sys/netinet6/nd6_nbr.c =================================================================== --- sys/netinet6/nd6_nbr.c (revision 306271) +++ sys/netinet6/nd6_nbr.c (working copy) @@ -1271,40 +1271,26 @@ char ip6buf[INET6_ADDRSTRLEN]; int send_ns; + KASSERT((ia->ia6_flags & IN6_IFF_TENTATIVE) != 0, + ("starting DAD on non-tentative address %p", ifa)); + /* * If we don't need DAD, don't do it. * There are several cases: - * - DAD is disabled (ip6_dad_count == 0) + * - DAD is disabled globally or on the interface * - the interface address is anycast */ - if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { - log(LOG_DEBUG, - "nd6_dad_start: called with non-tentative address " - "%s(%s)\n", - ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), - ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); - return; - } - if (ia->ia6_flags & IN6_IFF_ANYCAST) { + if ((ia->ia6_flags & IN6_IFF_ANYCAST) != 0 || + V_ip6_dad_count == 0 || + (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_NO_DAD) != 0) { ia->ia6_flags &= ~IN6_IFF_TENTATIVE; return; } - if (!V_ip6_dad_count) { - ia->ia6_flags &= ~IN6_IFF_TENTATIVE; + if ((ifa->ifa_ifp->if_flags & IFF_UP) == 0 || + (ifa->ifa_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || + (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) != 0) return; - } - if (ifa->ifa_ifp == NULL) - panic("nd6_dad_start: ifa->ifa_ifp == NULL"); - if (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_NO_DAD) { - ia->ia6_flags &= ~IN6_IFF_TENTATIVE; - return; - } - if (!(ifa->ifa_ifp->if_flags & IFF_UP) || - !(ifa->ifa_ifp->if_drv_flags & IFF_DRV_RUNNING) || - (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED)) { - ia->ia6_flags |= IN6_IFF_TENTATIVE; - return; - } + if ((dp = nd6_dad_find(ifa, NULL)) != NULL) { /* * DAD is already in progress. Let the existing entry @@ -1388,11 +1374,10 @@ struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; char ip6buf[INET6_ADDRSTRLEN]; - /* Sanity check */ - if (ia == NULL) { - log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); - goto err; - } + KASSERT(ia != NULL, ("DAD entry %p with no address", dp)); + KASSERT((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0, + ("DAD entry %p for non-tentative address", dp)); + if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { /* Do not need DAD for ifdisabled interface. */ log(LOG_ERR, "nd6_dad_timer: cancel DAD on %s because of " @@ -1406,13 +1391,6 @@ ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); goto err; } - if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { - log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " - "%s(%s)\n", - ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), - ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); - goto err; - } /* Stop DAD if the interface is down even after dad_maxtry attempts. */ if ((dp->dad_ns_tcount > V_dad_maxtry) && Index: sys/netinet6/nd6_rtr.c =================================================================== --- sys/netinet6/nd6_rtr.c (revision 306271) +++ sys/netinet6/nd6_rtr.c (working copy) @@ -73,17 +73,16 @@ struct mbuf *, int); static struct in6_ifaddr *in6_ifadd(struct nd_prefixctl *, int); static struct nd_pfxrouter *pfxrtr_lookup(struct nd_prefix *, - struct nd_defrouter *); + struct nd_defrouter *); static void pfxrtr_add(struct nd_prefix *, struct nd_defrouter *); static void pfxrtr_del(struct nd_pfxrouter *); -static struct nd_pfxrouter *find_pfxlist_reachable_router -(struct nd_prefix *); +static struct nd_pfxrouter *find_pfxlist_reachable_router(struct nd_prefix *); static void defrouter_delreq(struct nd_defrouter *); static void nd6_rtmsg(int, struct rtentry *); static int in6_init_prefix_ltimes(struct nd_prefix *); static void in6_init_address_ltimes(struct nd_prefix *, - struct in6_addrlifetime *); + struct in6_addrlifetime *); static int nd6_prefix_onlink(struct nd_prefix *); static int nd6_prefix_offlink(struct nd_prefix *); @@ -659,6 +658,7 @@ ND6_WLOCK_ASSERT(); TAILQ_REMOVE(&V_nd_defrouter, dr, dr_entry); + V_nd6_list_genid++; if (drq != NULL) TAILQ_INSERT_TAIL(drq, dr, dr_entry); } @@ -668,6 +668,7 @@ { struct nd_defrouter *deldr = NULL; struct nd_prefix *pr; + struct nd_pfxrouter *pfxrtr; ND6_UNLOCK_ASSERT(); @@ -686,11 +687,13 @@ /* * Also delete all the pointers to the router in each prefix lists. */ + ND6_WLOCK(); LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { - struct nd_pfxrouter *pfxrtr; if ((pfxrtr = pfxrtr_lookup(pr, dr)) != NULL) pfxrtr_del(pfxrtr); } + ND6_WUNLOCK(); + pfxlist_onlink_check(); /* @@ -850,7 +853,9 @@ defrtrlist_update(struct nd_defrouter *new) { struct nd_defrouter *dr, *n; + uint64_t genid; int oldpref; + bool writelocked; if (new->rtlifetime == 0) { defrouter_remove(&new->rtaddr, new->ifp); @@ -857,7 +862,9 @@ return (NULL); } - ND6_WLOCK(); + ND6_RLOCK(); + writelocked = false; +restart: dr = defrouter_lookup_locked(&new->rtaddr, new->ifp); if (dr != NULL) { oldpref = rtpref(dr); @@ -873,10 +880,31 @@ * router is still installed in the kernel. */ if (dr->installed && rtpref(new) == oldpref) { - ND6_WUNLOCK(); + if (writelocked) + ND6_WUNLOCK(); + else + ND6_RUNLOCK(); return (dr); } + } + /* + * The router needs to be reinserted into the default router + * list, so upgrade to a write lock. If that fails and the list + * has potentially changed while the lock was dropped, we'll + * redo the lookup with the write lock held. + */ + if (!writelocked && !ND6_TRY_UPGRADE()) { + genid = V_nd6_list_genid; + ND6_RUNLOCK(); + ND6_WLOCK(); + writelocked = true; + if (genid != V_nd6_list_genid) + goto restart; + } + writelocked = true; + + if (dr != NULL) { /* * The preferred router may have changed, so relocate this * router. @@ -910,6 +938,7 @@ TAILQ_INSERT_BEFORE(dr, n, dr_entry); else TAILQ_INSERT_TAIL(&V_nd_defrouter, n, dr_entry); + V_nd6_list_genid++; ND6_WUNLOCK(); defrouter_select(); @@ -922,11 +951,12 @@ { struct nd_pfxrouter *search; + ND6_LOCK_ASSERT(); + LIST_FOREACH(search, &pr->ndpr_advrtrs, pfr_entry) { if (search->router == dr) break; } - return (search); } @@ -934,7 +964,17 @@ pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr) { struct nd_pfxrouter *new; + bool update; + ND6_UNLOCK_ASSERT(); + + ND6_RLOCK(); + if (pfxrtr_lookup(pr, dr) != NULL) { + ND6_RUNLOCK(); + return; + } + ND6_RUNLOCK(); + new = malloc(sizeof(*new), M_IP6NDP, M_NOWAIT | M_ZERO); if (new == NULL) return; @@ -941,9 +981,19 @@ new->router = dr; defrouter_ref(dr); - LIST_INSERT_HEAD(&pr->ndpr_advrtrs, new, pfr_entry); + update = false; + ND6_WLOCK(); + if (pfxrtr_lookup(pr, dr) == NULL) { + LIST_INSERT_HEAD(&pr->ndpr_advrtrs, new, pfr_entry); + update = true; + } else { + defrouter_rele(dr); + free(new, M_IP6NDP); + } + ND6_WUNLOCK(); - pfxlist_onlink_check(); + if (update) + pfxlist_onlink_check(); } static void @@ -955,35 +1005,66 @@ free(pfr, M_IP6NDP); } -struct nd_prefix * -nd6_prefix_lookup(struct nd_prefixctl *key) +static struct nd_prefix * +nd6_prefix_lookup_locked(struct nd_prefixctl *key) { struct nd_prefix *search; + ND6_LOCK_ASSERT(); + LIST_FOREACH(search, &V_nd_prefix, ndpr_entry) { if (key->ndpr_ifp == search->ndpr_ifp && key->ndpr_plen == search->ndpr_plen && in6_are_prefix_equal(&key->ndpr_prefix.sin6_addr, &search->ndpr_prefix.sin6_addr, key->ndpr_plen)) { + nd6_prefix_ref(search); break; } } + return (search); +} +struct nd_prefix * +nd6_prefix_lookup(struct nd_prefixctl *key) +{ + struct nd_prefix *search; + + ND6_RLOCK(); + search = nd6_prefix_lookup_locked(key); + ND6_RUNLOCK(); return (search); } +void +nd6_prefix_ref(struct nd_prefix *pr) +{ + + refcount_acquire(&pr->ndpr_refcnt); +} + +void +nd6_prefix_rele(struct nd_prefix *pr) +{ + + if (refcount_release(&pr->ndpr_refcnt)) { + KASSERT(LIST_EMPTY(&pr->ndpr_advrtrs), + ("prefix %p has advertising routers", pr)); + free(pr, M_IP6NDP); + } +} + int -nd6_prelist_add(struct nd_prefixctl *pr, struct nd_defrouter *dr, +nd6_prefix_add(struct nd_prefixctl *pr, struct nd_defrouter *dr, struct nd_prefix **newp) { - struct nd_prefix *new = NULL; - int error = 0; - int i; + struct nd_prefix *new; char ip6buf[INET6_ADDRSTRLEN]; + int error, i; new = malloc(sizeof(*new), M_IP6NDP, M_NOWAIT | M_ZERO); if (new == NULL) return (ENOMEM); + refcount_init(&new->ndpr_refcnt, newp != NULL ? 2 : 1); new->ndpr_ifp = pr->ndpr_ifp; new->ndpr_prefix = pr->ndpr_prefix; new->ndpr_plen = pr->ndpr_plen; @@ -1004,20 +1085,22 @@ new->ndpr_prefix.sin6_addr.s6_addr32[i] &= new->ndpr_mask.s6_addr32[i]; - /* link ndpr_entry to nd_prefix list */ + ND6_WLOCK(); LIST_INSERT_HEAD(&V_nd_prefix, new, ndpr_entry); + V_nd6_list_genid++; + ND6_WUNLOCK(); /* ND_OPT_PI_FLAG_ONLINK processing */ if (new->ndpr_raf_onlink) { - int e; - - if ((e = nd6_prefix_onlink(new)) != 0) { - nd6log((LOG_ERR, "nd6_prelist_add: failed to make " + ND6_ONLINK_LOCK(); + if ((error = nd6_prefix_onlink(new)) != 0) { + nd6log((LOG_ERR, "nd6_prefix_add: failed to make " "the prefix %s/%d on-link on %s (errno=%d)\n", ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr), - pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); + pr->ndpr_plen, if_name(pr->ndpr_ifp), error)); /* proceed anyway. XXX: is it correct? */ } + ND6_ONLINK_UNLOCK(); } if (dr != NULL) @@ -1027,16 +1110,34 @@ return (0); } +/* + * Remove a prefix from the prefix list and optionally stash it in a + * caller-provided list. + * + * The ND6 lock must be held. + */ void -prelist_remove(struct nd_prefix *pr) +nd6_prefix_unlink(struct nd_prefix *pr, struct nd_prhead *list) { + + ND6_WLOCK_ASSERT(); + + LIST_REMOVE(pr, ndpr_entry); + V_nd6_list_genid++; + if (list != NULL) + LIST_INSERT_HEAD(list, pr, ndpr_entry); +} + +void +nd6_prefix_del(struct nd_prefix *pr) +{ struct nd_pfxrouter *pfr, *next; int e; char ip6buf[INET6_ADDRSTRLEN]; - /* make sure to invalidate the prefix until it is really freed. */ - pr->ndpr_vltime = 0; - pr->ndpr_pltime = 0; + KASSERT(pr->ndpr_addrcnt == 0, + ("prefix %p has referencing addresses", pr)); + ND6_UNLOCK_ASSERT(); /* * Though these flags are now meaningless, we'd rather keep the value @@ -1043,28 +1144,27 @@ * of pr->ndpr_raf_onlink and pr->ndpr_raf_auto not to confuse users * when executing "ndp -p". */ - - if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0 && - (e = nd6_prefix_offlink(pr)) != 0) { - nd6log((LOG_ERR, "prelist_remove: failed to make %s/%d offlink " - "on %s, errno=%d\n", - ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr), - pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); - /* what should we do? */ + if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { + ND6_ONLINK_LOCK(); + if ((e = nd6_prefix_offlink(pr)) != 0) { + nd6log((LOG_ERR, + "nd6_prelist_remove: failed to make %s/%d offlink " + "on %s, errno=%d\n", + ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr), + pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); + /* what should we do? */ + } + ND6_ONLINK_UNLOCK(); } - if (pr->ndpr_refcnt > 0) - return; /* notice here? */ + ND6_WLOCK(); + /* Release references to routers that have advertised this prefix. */ + LIST_FOREACH_SAFE(pfr, &pr->ndpr_advrtrs, pfr_entry, next) + pfxrtr_del(pfr); + ND6_WUNLOCK(); - /* unlink ndpr_entry from nd_prefix list */ - LIST_REMOVE(pr, ndpr_entry); + nd6_prefix_rele(pr); - /* free list of routers that advertised the prefix */ - LIST_FOREACH_SAFE(pfr, &pr->ndpr_advrtrs, pfr_entry, next) { - pfxrtr_del(pfr); - } - free(pr, M_IP6NDP); - pfxlist_onlink_check(); } @@ -1097,7 +1197,10 @@ #endif } - if ((pr = nd6_prefix_lookup(new)) != NULL) { + ND6_RLOCK(); + pr = nd6_prefix_lookup(new); + ND6_RUNLOCK(); + if (pr != NULL) { /* * nd6_prefix_lookup() ensures that pr and new have the same * prefix on a same interface. @@ -1123,6 +1226,7 @@ (pr->ndpr_stateflags & NDPRF_ONLINK) == 0) { int e; + ND6_ONLINK_LOCK(); if ((e = nd6_prefix_onlink(pr)) != 0) { nd6log((LOG_ERR, "prelist_update: failed to make " @@ -1133,9 +1237,10 @@ pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); /* proceed anyway. XXX: is it correct? */ } + ND6_ONLINK_UNLOCK(); } - if (dr && pfxrtr_lookup(pr, dr) == NULL) + if (dr != NULL) pfxrtr_add(pr, dr); } else { if (new->ndpr_vltime == 0) @@ -1143,10 +1248,10 @@ if (new->ndpr_raf_onlink == 0 && new->ndpr_raf_auto == 0) goto end; - error = nd6_prelist_add(new, dr, &pr); + error = nd6_prefix_add(new, dr, &pr); if (error != 0) { nd6log((LOG_NOTICE, "prelist_update: " - "nd6_prelist_add failed for %s/%d on %s errno=%d\n", + "nd6_prefix_add failed for %s/%d on %s errno=%d\n", ip6_sprintf(ip6buf, &new->ndpr_prefix.sin6_addr), new->ndpr_plen, if_name(new->ndpr_ifp), error)); goto end; /* we should just give up in this case. */ @@ -1356,7 +1461,7 @@ /* * note that we should use pr (not new) for reference. */ - pr->ndpr_refcnt++; + pr->ndpr_addrcnt++; ia6->ia6_ndpr = pr; /* @@ -1394,8 +1499,10 @@ } } - end: - return error; +end: + if (pr != NULL) + nd6_prefix_rele(pr); + return (error); } /* @@ -1410,6 +1517,8 @@ struct llentry *ln; int canreach; + ND6_LOCK_ASSERT(); + LIST_FOREACH(pfxrtr, &pr->ndpr_advrtrs, pfr_entry) { IF_AFDATA_RLOCK(pfxrtr->router->ifp); ln = nd6_lookup(&pfxrtr->router->rtaddr, 0, pfxrtr->router->ifp); @@ -1444,7 +1553,12 @@ struct in6_ifaddr *ifa; struct nd_defrouter *dr; struct nd_pfxrouter *pfxrtr = NULL; + uint64_t genid; + uint32_t flags; + ND6_ONLINK_LOCK(); + ND6_RLOCK(); + /* * Check if there is a prefix that has a reachable advertising * router. @@ -1459,7 +1573,6 @@ * that does not advertise any prefixes. */ if (pr == NULL) { - ND6_RLOCK(); TAILQ_FOREACH(dr, &V_nd_defrouter, dr_entry) { struct nd_prefix *pr0; @@ -1470,7 +1583,6 @@ if (pfxrtr != NULL) break; } - ND6_RUNLOCK(); } if (pr != NULL || (!TAILQ_EMPTY(&V_nd_defrouter) && pfxrtr == NULL)) { /* @@ -1484,40 +1596,26 @@ */ LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { /* XXX: a link-local prefix should never be detached */ - if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) + if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) || + pr->ndpr_raf_onlink == 0 || + pr->ndpr_raf_auto == 0) continue; - /* - * we aren't interested in prefixes without the L bit - * set. - */ - if (pr->ndpr_raf_onlink == 0) - continue; - - if (pr->ndpr_raf_auto == 0) - continue; - if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 && find_pfxlist_reachable_router(pr) == NULL) pr->ndpr_stateflags |= NDPRF_DETACHED; - if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 && - find_pfxlist_reachable_router(pr) != 0) + else if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 && + find_pfxlist_reachable_router(pr) != NULL) pr->ndpr_stateflags &= ~NDPRF_DETACHED; } } else { /* there is no prefix that has a reachable router */ LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { - if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) + if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) || + pr->ndpr_raf_onlink == 0 || + pr->ndpr_raf_auto == 0) continue; - - if (pr->ndpr_raf_onlink == 0) - continue; - - if (pr->ndpr_raf_auto == 0) - continue; - - if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0) - pr->ndpr_stateflags &= ~NDPRF_DETACHED; + pr->ndpr_stateflags &= ~NDPRF_DETACHED; } } @@ -1529,22 +1627,22 @@ * interfaces. Such cases will be handled in nd6_prefix_onlink, * so we don't have to care about them. */ +restart_scan: LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { + char ip6buf[INET6_ADDRSTRLEN]; int e; - char ip6buf[INET6_ADDRSTRLEN]; - if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) + if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) || + pr->ndpr_raf_onlink == 0 || + pr->ndpr_raf_auto == 0) continue; - if (pr->ndpr_raf_onlink == 0) - continue; - - if (pr->ndpr_raf_auto == 0) - continue; - - if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 && - (pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { - if ((e = nd6_prefix_offlink(pr)) != 0) { + flags = pr->ndpr_stateflags & (NDPRF_DETACHED | NDPRF_ONLINK); + if (flags == 0 || flags == (NDPRF_DETACHED | NDPRF_ONLINK)) { + genid = V_nd6_list_genid; + ND6_RUNLOCK(); + if ((flags & NDPRF_ONLINK) != 0 && + (e = nd6_prefix_offlink(pr)) != 0) { nd6log((LOG_ERR, "pfxlist_onlink_check: failed to " "make %s/%d offlink, errno=%d\n", @@ -1551,12 +1649,8 @@ ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr), pr->ndpr_plen, e)); - } - } - if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 && - (pr->ndpr_stateflags & NDPRF_ONLINK) == 0 && - pr->ndpr_raf_onlink) { - if ((e = nd6_prefix_onlink(pr)) != 0) { + } else if ((flags & NDPRF_ONLINK) == 0 && + (e = nd6_prefix_onlink(pr)) != 0) { nd6log((LOG_ERR, "pfxlist_onlink_check: failed to " "make %s/%d onlink, errno=%d\n", @@ -1564,6 +1658,9 @@ &pr->ndpr_prefix.sin6_addr), pr->ndpr_plen, e)); } + ND6_RLOCK(); + if (genid != V_nd6_list_genid) + goto restart_scan; } } @@ -1625,6 +1722,8 @@ } } } + ND6_RUNLOCK(); + ND6_ONLINK_UNLOCK(); } static int @@ -1673,7 +1772,6 @@ RADIX_NODE_HEAD_UNLOCK(rnh); nd6_rtmsg(RTM_ADD, rt); RT_UNLOCK(rt); - pr->ndpr_stateflags |= NDPRF_ONLINK; } else { char ip6buf[INET6_ADDRSTRLEN]; char ip6bufg[INET6_ADDRSTRLEN]; @@ -1714,6 +1812,8 @@ int error = 0; char ip6buf[INET6_ADDRSTRLEN]; + ND6_UNLOCK_ASSERT(); + /* sanity check */ if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { nd6log((LOG_ERR, @@ -1730,6 +1830,7 @@ * Although such a configuration is expected to be rare, we explicitly * allow it. */ + ND6_RLOCK(); LIST_FOREACH(opr, &V_nd_prefix, ndpr_entry) { if (opr == pr) continue; @@ -1739,9 +1840,12 @@ if (opr->ndpr_plen == pr->ndpr_plen && in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr, - &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) + &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) { + ND6_RUNLOCK(); return (0); + } } + ND6_RUNLOCK(); /* * We prefer link-local addresses as the associated interface address. @@ -1777,6 +1881,8 @@ } error = nd6_prefix_onlink_rtrequest(pr, ifa); + if (error == 0) + pr->ndpr_stateflags |= NDPRF_ONLINK; if (ifa != NULL) ifa_free(ifa); @@ -1793,8 +1899,12 @@ struct sockaddr_in6 sa6, mask6; struct rtentry *rt; char ip6buf[INET6_ADDRSTRLEN]; + uint64_t genid; int fibnum, a_failure; + ND6_ONLINK_LOCK_ASSERT(); + ND6_UNLOCK_ASSERT(); + /* sanity check */ if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0) { nd6log((LOG_ERR, @@ -1843,18 +1953,18 @@ * If there's one, try to make the prefix on-link on the * interface. */ + ND6_RLOCK(); +restart: LIST_FOREACH(opr, &V_nd_prefix, ndpr_entry) { if (opr == pr) continue; - if ((opr->ndpr_stateflags & NDPRF_ONLINK) != 0) - continue; - /* * KAME specific: detached prefixes should not be * on-link. */ - if ((opr->ndpr_stateflags & NDPRF_DETACHED) != 0) + if ((opr->ndpr_stateflags & + (NDPRF_ONLINK | NDPRF_DETACHED)) != 0) continue; if (opr->ndpr_plen == pr->ndpr_plen && @@ -1862,6 +1972,8 @@ &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) { int e; + genid = V_nd6_list_genid; + ND6_RUNLOCK(); if ((e = nd6_prefix_onlink(opr)) != 0) { nd6log((LOG_ERR, "nd6_prefix_offlink: failed to " @@ -1873,8 +1985,12 @@ if_name(opr->ndpr_ifp), e)); } else a_failure = 0; + ND6_RLOCK(); + if (genid != V_nd6_list_genid) + goto restart; } } + ND6_RUNLOCK(); } else { /* XXX: can we still set the NDPRF_ONLINK flag? */ nd6log((LOG_ERR, @@ -2144,7 +2260,7 @@ return (EINVAL); /* XXX */ } newia->ia6_ndpr = ia0->ia6_ndpr; - newia->ia6_ndpr->ndpr_refcnt++; + newia->ia6_ndpr->ndpr_addrcnt++; ifa_free(&newia->ia_ifa); /*