In D18904#405557, @karels wrote:

arprequest_internal would be better.

Can you explain your goal? Not sure what you are trying to solve with this rlock. Please, note that LAGG_RLOCK() is epoch_enter() and it seem used to make safe lagg_port reclamation using epoch_call().

Ah, yes, I remembered, this problem was introduced with route caching.

In D18769#400967, @hselasky wrote:

So, why you think that this is wrong and shouldn't happen?

Because then TCP loopback on non-lo0 link-local addresses won't work.

The current code would drop packets which are designated for loopback which use a link-local scope ID in the destination address or source address, because they won't match the lo0's scope ID.

• reordered some fields and reduced the size of hopstore6, now ip_fw_args fits into 128 bytes.
• the fwd code adjusted to use new hopstore6.

In D18690#398876, @gallatin wrote:

I really like collapsing all those pointers, and making the NULL checks flags. Great work.

I wonder if more collapsing could be done. For example, it seems like src_ip and dst_ip could share unions with src_ip6 and dst_ip6 in struct ipfw_flow_id(). That would take us down to 136 bytes. Only 8 more bytes and it would fit in 2 64 byte cachelines.

How would you merge it without breaking the ifnet KBI? We've got 3rd party network interfaces in ports, etc...

I think such method can be useful. Do you plan to merge it?

I'm inclined to agree. For tunneling interfaces I used global per-driver sx lock to prevent concurrent ioctl invocation. I think these drivers are not affected by this problem.

Looking at your description here, it seems if_bridge can be affected by this issue.

Can you provide an example, what another driver needs such method? Maybe it is enough to fix the problem locally in if_lagg for first time?

Added IFNET_RLOCK_NOSLEEP_ASSERT(). Removed whitespace changes.

LGTM.

Hi, Andrew, do you plan to merge this into stable/11? It would be nice to have these macros to be able make MFC.

added verbose mode for listing dynamic states
added ability to delete only dynamic states

In D17898#382455, @bz wrote:

To me this change seems wrong. The only caller for this function is exactly for the situation when the link-local address is missing.
If we are in the progress of "configuring" the interface and someone is already de-configuring it to me that sounds like a concurrency problem elsewhere.
This entire function seems to be based on the idea that there's a lock held around it and it's the only actor (which might very well still be coming from &Giant days of FreeBSD 4).
Rather than changing the behaviour, why don't we fix the problem and hold the appropriate lock (if possible) or make sure (otherwise) that the concurrency problem is solved?

In D17843#381487, @np wrote:

Does the tcpdump put the card in promiscuous mode or are you using -p? Anything seen by tcpdump should show up in a netstat that's running at the same time.

Hi, I have a report, that cxgbe driver doesn't take into account packets, that are received from mirrored port. So, when you run netstat -hw 1 -I cxl0 you will see no packets, but tcpdump will show them. It seems a bit confusing. I didn't checked this, so I might be wrong.