I don't understand why we need a separate data structure (priv).
I apologize if this seems like a stupid question, but wouldn't it be better to move ip6_gre.c and ip_gre.c into if_gre.c itself like other interfaces?

In D55398#1267078, @pouria wrote:

I don't understand why we need a separate data structure (priv).

When you issue ioctl that does some changes in softc, another thread can do transmission in the same time and use some data from softc.
To avoid access to not yet fully modified or already freed data you need to block transmission.
Or you can allocate new gre_priv structure for each modification and free old one using NET_EPOCH_CALL(). This allows avoid blocking of transmit thread and it uses always stable data while it works in net_epoch.

I apologize if this seems like a stupid question, but wouldn't it be better to move ip6_gre.c and ip_gre.c into if_gre.c itself like other interfaces?

I think that's how it happened historically, for some interfaces we have different files of INET and INET6 implementation.

Ahh, I think I see what's happening. While some time ago I was trying to diagnose PR 275474, I observed UAF and got messed up in mind.

So if it is obvious that the fast path is still accessing some ifnet private data ( socket in gre softc ), I think the quick fix should be signaling the fast path that the interface is going to be re-configured ?