s/itaddr/isaddr/

nh != NULL

Also it seem it is called from control code and you need to enter EPOCH.

Can you make the assignment separate from the declaration?

I'd put the check into the caller to ensure that passed ifp is still used within epoch.

why do we have assert here but no assert in verify_path6?
I'd rather remove this one.

IIRC it can be requested from userland table A lookup 1.1.1.1 and I'm not sure whether we enter epoch in this case or not. Have you checked it?

itaddr is used earlier in the code.

Sure.

OK.

Makes sense.

itaddr is the Target IP in the ARP packet.
isaddr is the Source IP in the ARP packet.

This call is used to determine the "reverse path" and drop "non-local" requests.

As far as I see, none of the ip_ctloutput()->inp_setmoptions()->inp_join_group()->inp_lookup_mcast_ifp()enters epoch, so this assert would fail.

There is a couple of differences in the KPI.

1. new KPI has nexthops with addresses embedded.
2. in case when the nexthop result is "directly-reachable-via ifX" (e.g. no NHF_GATEWAY flag exists) the nexthop address is not equal to the lookup address (not applicable here)

I guess we want _nexthop_ address here, which should be set first by something like nh_addr = nh->gw6_sa.sin6_addr

Are you sure this is called in epoch?

I guess != should be a bit better here :-)

no NHR_IFAIF here. The pointer to address interface is returned in the nexthop object in nh_aifp.

Same here, no NHR_IFAIF

Soo, did we check that the control path for table A lookup enter epoch somewhere, so the box doesn't panic?

Maybe worth changing function sugnature? The error code is ether 0 or EHOSTUNREACH, so maybe it can return nhop, and the caller can manually set error to EHOSTUNREACH on NULL nhop?

I looked at the control path, and to my knowledge it doesn't exist.

However, I could be wrong.

Fixed it, sorry. I got confused (blame my ADHD).

itaddr / isaddr is indeed extremely confusing. I guess at some point in time someone renames it to be somewhat more descriptive.

.. and as the nh_addr is the gateway address, it has the scope already embedded, so we don't need this line.

nh_aifp, as stated above.

same here

Soo, for this to be valid one needs to enter epoch before calling fib4_lookup.

style(9) suggests empty line after last variable declaration.

This is too wrong.

If you look inside inp_join_group(), code there:

1. does copyin(9)
2. locks sx

which cannot work while inside an epoch.

I do not understand multicast code, so cannot fix it. It might be that it is enough to push epoch inside inp_join_group() after all copyins, and leave it before cleanup at the very end of the function.

See https://people.freebsd.org/~pho/stress/log/kostik1311.txt as an example.

would moving the epoch enter/exit calls inside the IN_MULTI_LOCK/UNLOCK in inp_join_group be a reasonable thing to try?