I'd rather simplify this check to only verify LLE_PUB flag set.
LLE_STATIC generally means that the entry is not temporary (and personally I don't think that temporary entries can't be proxy ones).
LLE_IFADDR cannot be set by the user code. If there are concerns about this case, I'd add another check in lla_rt_output() instead off doing this in the runtime.

Finally, why not move it to in6_lltable_delete_entry() callback?

Worth introducing llt_post_resolved() (or similar) callback so we can move IPv4/IPv6 logic outside of if_llatbl.c,

I'd rather simplify this check to only verify LLE_PUB flag set.

I think your comment is reasonable. I'll simply the check to verify the LLE_PUB flag only and move the code to in6_llatable_delete_entry().

Worth introducing llt_post_resolved() (or similar) callback so we can move IPv4/IPv6 logic outside of if_llatbl.c,

Good idea! I'll post a separate diff that introduce the callback and move the existing ifdef INET/INET6s to the protocol specific code.

I'd prefer using existing bits&pieces that we have instead of introducing another layer of locking.

I'd suggest doing the following:

• mark lltable (for example, by introducing special bitflag has_proxy @ space of llat_af (which actually need only 1 byte)) as one containing proxy entries when adding the first one
• on interface destruction, acquire llt rlock, check if bit is set, if yes, unlink/grab all matching lles (similar to htable_prefix_free()) and delete them.

Could you factor out this code from in6_update_ifa_join_mc() into a separate function, which can be used both here and in in6_update_ifa_join_mc() so we don't duplicate the logic?

Nit: no need to check LLE_STATIC and LLE_IFADDR here.

I'd suggest doing the following:

• mark lltable (for example, by introducing special bitflag has_proxy @ space of llat_af (which actually need only 1 byte)) as one containing proxy entries when adding the first one

I have submitted D35323 to prepare for adding the member. Could you review it?

• on interface destruction, acquire llt rlock, check if bit is set, if yes, unlink/grab all matching lles (similar to htable_prefix_free()) and delete them.

I'll try to change the code as you proposed.

I've added lltable_flags_free() for purging LLEs on if_detach case. If I miss the point, let me know.

I've added in6_solicited_node_maddr() for factoring out the common part.

Fixed. Thanks!

Thank you for addressing the feedback!
Looks almost perfect, I'd just try to make it a bit more generic, factoring out the delete actions (that should be common) and the matching logic.
I've attached an example of what I have in mind.

Probably worth splitting add&delete use cases to the separation functions as they don't share anything except 1 line (in6_solicited_node_maddr).

Nit: probably be a bit simpler.

Nit: worth considering moving it out as a separate function? like, fill_proxyndp(struct infect *ifp, struct in6_addr *taddr, struct. sockaddr_dl *proxydl).
Should improve readability a bit.

Introduced lltable_delete_conditional() according to your advice.
The code has got much simpler, Thanks for your great advice!

Applied, thanks!

Applied.

Applied, readability gets improved indeed.