]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/net/if_gif.c
xnu-6153.141.1.tar.gz
[apple/xnu.git] / bsd / net / if_gif.c
index c638758a2b8567cda568b481eab1ad888f873e34..9f9e6c574e74d9309de9e052002b133161edd7e2 100644 (file)
@@ -1,8 +1,8 @@
 /*
- * Copyright (c) 2000-2008 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2020 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
-/*     $FreeBSD: src/sys/net/if_gif.c,v 1.4.2.6 2001/07/24 19:10:18 brooks Exp $       */
-/*     $KAME: if_gif.c,v 1.47 2001/05/01 05:28:42 itojun Exp $ */
+/* $FreeBSD: src/sys/net/if_gif.c,v 1.4.2.6 2001/07/24 19:10:18 brooks Exp $ */
+/* $KAME: if_gif.c,v 1.47 2001/05/01 05:28:42 itojun Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -75,6 +75,7 @@
 #include <sys/syslog.h>
 #include <sys/protosw.h>
 #include <kern/cpu_number.h>
+#include <kern/zalloc.h>
 
 #include <net/if.h>
 #include <net/if_types.h>
 #include <net/bpf.h>
 #include <net/kpi_protocol.h>
 #include <net/kpi_interface.h>
+#include <net/init.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
-#if    INET
+#if     INET
 #include <netinet/in_var.h>
 #include <netinet/in_gif.h>
 #include <netinet/ip_var.h>
-#endif /* INET */
+#endif  /* INET */
 
 #if INET6
 #include <netinet6/in6_var.h>
 #include <security/mac_framework.h>
 #endif
 
-#define GIFNAME                "gif"
-#define GIFDEV         "if_gif"
-#define GIF_MAXUNIT    0x7fff  /* ifp->if_unit is only 15 bits */
+#define GIFNAME         "gif"
+#define GIFDEV          "if_gif"
 
-#ifndef __APPLE__
-static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
-#endif
+#define GIF_MAXUNIT     IF_MAXUNIT
+#define GIF_ZONE_MAX_ELEM       MIN(IFNETS_MAX, GIF_MAXUNIT)
+
+/* gif lock variables */
+static lck_grp_t        *gif_mtx_grp;
+static lck_grp_attr_t   *gif_mtx_grp_attr;
+static lck_attr_t       *gif_mtx_attr;
+decl_lck_mtx_data(static, gif_mtx_data);
+static lck_mtx_t        *gif_mtx = &gif_mtx_data;
 
 TAILQ_HEAD(gifhead, gif_softc) gifs = TAILQ_HEAD_INITIALIZER(gifs);
 
-#ifdef __APPLE__
-void gifattach(void);
-static int gif_encapcheck(const struct mbuf*, int, int, void*);
+static int gif_encapcheck(const struct mbuf *, int, int, void *);
 static errno_t gif_output(ifnet_t ifp, mbuf_t m);
 static errno_t gif_input(ifnet_t ifp, protocol_family_t protocol_family,
-                                                mbuf_t m, char *frame_header);
+    mbuf_t m, char *frame_header);
 static errno_t gif_ioctl(ifnet_t ifp, u_long cmd, void *data);
 
-int ngif = 0;          /* number of interfaces */
-#endif
+static int ngif = 0;            /* number of interfaces */
 
 #if INET
-struct protosw in_gif_protosw =
-{ SOCK_RAW,    0,      0/*IPPROTO_IPV[46]*/,   PR_ATOMIC|PR_ADDR,
-  in_gif_input,        0,      0,              0,
-  0,
-  0,           0,      0,      0,      
-  0,
-  &rip_usrreqs,
-  0,           rip_unlock,     0, {0, 0}, 0, {0}
+static struct protosw in_gif_protosw =
+{
+       .pr_type =              SOCK_RAW,
+       .pr_protocol =          0, /* IPPROTO_IPV[46] */
+       .pr_flags =             PR_ATOMIC | PR_ADDR,
+       .pr_input =             in_gif_input,
+       .pr_usrreqs =           &rip_usrreqs,
+       .pr_unlock =            rip_unlock,
 };
 #endif
 #if INET6
-struct ip6protosw in6_gif_protosw =
-{ SOCK_RAW,    0,      0/*IPPROTO_IPV[46]*/,   PR_ATOMIC|PR_ADDR,
-  in6_gif_input, 0,            0,              0,
-  0,
-  0,           0,              0,              0,
-  0,  
-  &rip6_usrreqs,
-  0,           rip_unlock,             0, {0, 0}, 0, {0}
-
+static struct ip6protosw in6_gif_protosw =
+{
+       .pr_type =              SOCK_RAW,
+       .pr_protocol =          0, /* IPPROTO_IPV[46] */
+       .pr_flags =             PR_ATOMIC | PR_ADDR,
+       .pr_input =             in6_gif_input,
+       .pr_usrreqs =           &rip6_usrreqs,
+       .pr_unlock =            rip_unlock,
 };
 #endif
 
-static if_clone_t gif_cloner = NULL;
+static int gif_remove(struct ifnet *);
 static int gif_clone_create(struct if_clone *, uint32_t, void *);
 static int gif_clone_destroy(struct ifnet *);
 static void gif_delete_tunnel(struct gif_softc *);
+static void gif_detach(struct ifnet *);
 
-#ifdef __APPLE__
+static struct if_clone gif_cloner =
+    IF_CLONE_INITIALIZER(GIFNAME, gif_clone_create, gif_clone_destroy,
+    0, GIF_MAXUNIT, GIF_ZONE_MAX_ELEM, sizeof(struct gif_softc));
 /*
  * Theory of operation: initially, one gif interface is created.
  * Any time a gif interface is configured, if there are no other
@@ -172,178 +178,217 @@ static void gif_delete_tunnel(struct gif_softc *);
  */
 
 /* GIF interface module support */
-static int gif_demux(
-    ifnet_t                                    ifp,
-    __unused mbuf_t                    m,
-    __unused char                      *frame_header,
-    protocol_family_t          *protocol_family)
+static int
+gif_demux(
+       ifnet_t ifp,
+       __unused mbuf_t m,
+       __unused char *frame_header,
+       protocol_family_t *protocol_family)
 {
+       struct gif_softc *sc = ifnet_softc(ifp);
+
+       GIF_LOCK(sc);
        /* Only one protocol may be attached to a gif interface. */
-       *protocol_family = ((struct gif_softc*)ifnet_softc(ifp))->gif_proto;
-       
+       *protocol_family = sc->gif_proto;
+       GIF_UNLOCK(sc);
+
        return 0;
 }
 
 static errno_t
 gif_add_proto(
-       ifnet_t                                                                 ifp,
-       protocol_family_t                                               protocol_family,
-       __unused const struct ifnet_demux_desc  *demux_array,
-       __unused u_int32_t                                              demux_count)
+       ifnet_t ifp,
+       protocol_family_t protocol_family,
+       __unused const struct ifnet_demux_desc *demux_array,
+       __unused u_int32_t demux_count)
 {
        /* Only one protocol may be attached at a time */
-       struct gif_softc* gif = ifnet_softc(ifp);
+       struct gif_softc *sc = ifnet_softc(ifp);
 
-       if (gif->gif_proto != 0)
-               printf("gif_add_proto: request add_proto for gif%d\n", ifnet_unit(ifp));
+       GIF_LOCK(sc);
+       if (sc->gif_proto != 0) {
+               printf("gif_add_proto: request add_proto for gif%d\n",
+                   ifnet_unit(ifp));
+       }
 
-       gif->gif_proto = protocol_family;
+       sc->gif_proto = protocol_family;
+       GIF_UNLOCK(sc);
 
        return 0;
 }
 
 static errno_t
 gif_del_proto(
-       ifnet_t                         ifp,
-       protocol_family_t       protocol_family)
+       ifnet_t ifp,
+       protocol_family_t protocol_family)
 {
-       if (((struct gif_softc*)ifnet_softc(ifp))->gif_proto == protocol_family)
-               ((struct gif_softc*)ifnet_softc(ifp))->gif_proto = 0;
-       
+       struct gif_softc *sc = ifnet_softc(ifp);
+
+       GIF_LOCK(sc);
+       if (sc->gif_proto == protocol_family) {
+               sc->gif_proto = 0;
+       }
+       GIF_UNLOCK(sc);
+
        return 0;
 }
 
 /* Glue code to attach inet to a gif interface through DLIL */
 static errno_t
 gif_attach_proto_family(
-       ifnet_t                         ifp,
-       protocol_family_t       protocol_family)
+       ifnet_t ifp,
+       protocol_family_t protocol_family)
 {
-    struct ifnet_attach_proto_param    reg;
-    errno_t                                                    stat;
+       struct ifnet_attach_proto_param reg;
+       errno_t stat;
 
        bzero(&reg, sizeof(reg));
-    reg.input            = gif_input;
+       reg.input = gif_input;
 
-    stat = ifnet_attach_protocol(ifp, protocol_family, &reg);
-    if (stat && stat != EEXIST) {
-        printf("gif_attach_proto_family can't attach interface fam=%d\n",
-                  protocol_family);
-    }
+       stat = ifnet_attach_protocol(ifp, protocol_family, &reg);
+       if (stat && stat != EEXIST) {
+               printf("gif_attach_proto_family can't attach interface  \
+                   fam=%d\n", protocol_family);
+       }
 
-    return stat;
+       return stat;
 }
 
-#endif
-
 /* Function to setup the first gif interface */
-__private_extern__ void
-gifattach(void)
+void
+gif_init(void)
 {
        errno_t result;
-       struct ifnet_clone_params ifnet_clone_params;
-       struct if_clone *ifc = NULL; 
 
-       /* Init the list of interfaces */
+       /* Initialize the list of interfaces */
        TAILQ_INIT(&gifs);
 
+       /* Initialize the gif global lock */
+       gif_mtx_grp_attr = lck_grp_attr_alloc_init();
+       gif_mtx_grp = lck_grp_alloc_init("gif", gif_mtx_grp_attr);
+       gif_mtx_attr = lck_attr_alloc_init();
+       lck_mtx_init(gif_mtx, gif_mtx_grp, gif_mtx_attr);
+
        /* Register protocol registration functions */
        result = proto_register_plumber(PF_INET, APPLE_IF_FAM_GIF,
-                                                                       gif_attach_proto_family, NULL);
-       if (result != 0)
-               printf("proto_register_plumber failed for AF_INET error=%d\n", result);
-       
-       result = proto_register_plumber(PF_INET6, APPLE_IF_FAM_GIF,
-                                                                       gif_attach_proto_family, NULL);
-       if (result != 0)
-               printf("proto_register_plumber failed for AF_INET6 error=%d\n", result);
+           gif_attach_proto_family, NULL);
+       if (result != 0) {
+               printf("proto_register_plumber failed for AF_INET error=%d\n",
+                   result);
+       }
 
-       ifnet_clone_params.ifc_name = "gif";
-       ifnet_clone_params.ifc_create = gif_clone_create;
-       ifnet_clone_params.ifc_destroy = gif_clone_destroy;
+       result = proto_register_plumber(PF_INET6, APPLE_IF_FAM_GIF,
+           gif_attach_proto_family, NULL);
+       if (result != 0) {
+               printf("proto_register_plumber failed for AF_INET6 error=%d\n",
+                   result);
+       }
 
-       result = ifnet_clone_attach(&ifnet_clone_params, &gif_cloner);
-       if (result != 0)
-               printf("gifattach: ifnet_clone_attach failed %d\n", result);
+       result = if_clone_attach(&gif_cloner);
+       if (result != 0) {
+               panic("%s: if_clone_attach() failed, error %d\n", __func__, result);
+       }
 
-       /* Create first device */
-       ifc = if_clone_lookup("gif", NULL);
-       gif_clone_create(ifc, 0, NULL);
+       gif_clone_create(&gif_cloner, 0, NULL);
 }
 
 static errno_t
 gif_set_bpf_tap(
-       ifnet_t                 ifp,
-       bpf_tap_mode    mode,
-       bpf_packet_func callback)
+       ifnet_t ifp,
+       bpf_tap_mode mode,
+       bpf_packet_func callback)
 {
-       struct gif_softc        *sc = ifnet_softc(ifp);
-       
+       struct gif_softc *sc = ifnet_softc(ifp);
+
+       GIF_LOCK(sc);
        sc->tap_mode = mode;
        sc->tap_callback = callback;
-       
+       GIF_UNLOCK(sc);
+
        return 0;
 }
 
+static void
+gif_detach(struct ifnet *ifp)
+{
+       struct gif_softc *sc = ifp->if_softc;
+       lck_mtx_destroy(&sc->gif_lock, gif_mtx_grp);
+       if_clone_softc_deallocate(&gif_cloner, sc);
+       ifp->if_softc = NULL;
+       (void) ifnet_release(ifp);
+}
 
 static int
 gif_clone_create(struct if_clone *ifc, uint32_t unit, __unused void *params)
 {
-       struct gif_softc        *sc = NULL;
-       struct ifnet_init_params gif_init;
-       errno_t result = 0;
+       struct gif_softc *sc = NULL;
+       struct ifnet_init_eparams gif_init_params;
+       errno_t error = 0;
+
+       lck_mtx_lock(gif_mtx);
 
        /* Can't create more than GIF_MAXUNIT */
-       if (ngif >= GIF_MAXUNIT)
-               return (ENXIO);
+       if (ngif >= GIF_MAXUNIT) {
+               error = ENXIO;
+               goto done;
+       }
 
-       sc = _MALLOC(sizeof(struct gif_softc), M_DEVBUF, M_WAITOK);
+       sc = if_clone_softc_allocate(&gif_cloner);
        if (sc == NULL) {
-               log(LOG_ERR, "gif_clone_create: failed to allocate gif%d\n", unit);
-               return ENOBUFS;
+               log(LOG_ERR, "gif_clone_create: failed to allocate gif%d\n",
+                   unit);
+               error = ENOBUFS;
+               goto done;
        }
-       bzero(sc, sizeof(struct gif_softc));
 
        /* use the interface name as the unique id for ifp recycle */
        snprintf(sc->gif_ifname, sizeof(sc->gif_ifname), "%s%d",
-                       ifc->ifc_name, unit);
-
-       bzero(&gif_init, sizeof(gif_init));
-       gif_init.uniqueid = sc->gif_ifname;
-       gif_init.uniqueid_len = strlen(sc->gif_ifname);
-       gif_init.name = GIFNAME;
-       gif_init.unit = unit;
-       gif_init.type = IFT_GIF;
-       gif_init.family = IFNET_FAMILY_GIF;
-       gif_init.output = gif_output;
-       gif_init.demux = gif_demux;
-       gif_init.add_proto = gif_add_proto;
-       gif_init.del_proto = gif_del_proto;
-       gif_init.softc = sc;
-       gif_init.ioctl = gif_ioctl;
-       gif_init.set_bpf_tap = gif_set_bpf_tap;
-
-       result = ifnet_allocate(&gif_init, &sc->gif_if);
-       if (result != 0) {
-               printf("gif_clone_create, ifnet_allocate failed - %d\n", result);
-               _FREE(sc, M_DEVBUF);
-               return ENOBUFS;
+           ifc->ifc_name, unit);
+
+       lck_mtx_init(&sc->gif_lock, gif_mtx_grp, gif_mtx_attr);
+
+       bzero(&gif_init_params, sizeof(gif_init_params));
+       gif_init_params.ver = IFNET_INIT_CURRENT_VERSION;
+       gif_init_params.len = sizeof(gif_init_params);
+       gif_init_params.flags = IFNET_INIT_LEGACY;
+       gif_init_params.uniqueid = sc->gif_ifname;
+       gif_init_params.uniqueid_len = strlen(sc->gif_ifname);
+       gif_init_params.name = GIFNAME;
+       gif_init_params.unit = unit;
+       gif_init_params.type = IFT_GIF;
+       gif_init_params.family = IFNET_FAMILY_GIF;
+       gif_init_params.output = gif_output;
+       gif_init_params.demux = gif_demux;
+       gif_init_params.add_proto = gif_add_proto;
+       gif_init_params.del_proto = gif_del_proto;
+       gif_init_params.softc = sc;
+       gif_init_params.ioctl = gif_ioctl;
+       gif_init_params.set_bpf_tap = gif_set_bpf_tap;
+       gif_init_params.detach = gif_detach;
+
+       error = ifnet_allocate_extended(&gif_init_params, &sc->gif_if);
+       if (error != 0) {
+               printf("gif_clone_create, ifnet_allocate failed - %d\n", error);
+               if_clone_softc_deallocate(&gif_cloner, sc);
+               error = ENOBUFS;
+               goto done;
        }
 
        sc->encap_cookie4 = sc->encap_cookie6 = NULL;
 #if INET
        sc->encap_cookie4 = encap_attach_func(AF_INET, -1,
-                       gif_encapcheck, &in_gif_protosw, sc);
+           gif_encapcheck, &in_gif_protosw, sc);
        if (sc->encap_cookie4 == NULL) {
                printf("%s: unable to attach encap4\n", if_name(sc->gif_if));
                ifnet_release(sc->gif_if);
-               FREE(sc, M_DEVBUF);
-               return ENOBUFS;
+               if_clone_softc_deallocate(&gif_cloner, sc);
+               error = ENOBUFS;
+               goto done;
        }
 #endif
 #if INET6
        sc->encap_cookie6 = encap_attach_func(AF_INET6, -1,
-           gif_encapcheck, (struct protosw*)&in6_gif_protosw, sc);
+           gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc);
        if (sc->encap_cookie6 == NULL) {
                if (sc->encap_cookie4) {
                        encap_detach(sc->encap_cookie4);
@@ -351,8 +396,9 @@ gif_clone_create(struct if_clone *ifc, uint32_t unit, __unused void *params)
                }
                printf("%s: unable to attach encap6\n", if_name(sc->gif_if));
                ifnet_release(sc->gif_if);
-               FREE(sc, M_DEVBUF);
-               return ENOBUFS;
+               if_clone_softc_deallocate(&gif_cloner, sc);
+               error = ENOBUFS;
+               goto done;
        }
 #endif
        sc->gif_called = 0;
@@ -362,9 +408,10 @@ gif_clone_create(struct if_clone *ifc, uint32_t unit, __unused void *params)
        /* turn off ingress filter */
        sc->gif_if.if_flags  |= IFF_LINK2;
 #endif
-       result = ifnet_attach(sc->gif_if, NULL);
-       if (result != 0) {
-               printf("gif_clone_create - ifnet_attach failed - %d\n", result);
+       sc->gif_flags |= IFGIF_DETACHING;
+       error = ifnet_attach(sc->gif_if, NULL);
+       if (error != 0) {
+               printf("gif_clone_create - ifnet_attach failed - %d\n", error);
                ifnet_release(sc->gif_if);
                if (sc->encap_cookie4) {
                        encap_detach(sc->encap_cookie4);
@@ -374,51 +421,97 @@ gif_clone_create(struct if_clone *ifc, uint32_t unit, __unused void *params)
                        encap_detach(sc->encap_cookie6);
                        sc->encap_cookie6 = NULL;
                }
-               FREE(sc, M_DEVBUF);
-               return result;
+               if_clone_softc_deallocate(&gif_cloner, sc);
+               goto done;
        }
 #if CONFIG_MACF_NET
        mac_ifnet_label_init(&sc->gif_if);
 #endif
        bpfattach(sc->gif_if, DLT_NULL, sizeof(u_int));
+       sc->gif_flags &= ~IFGIF_DETACHING;
        TAILQ_INSERT_TAIL(&gifs, sc, gif_link);
        ngif++;
-       return 0;
+done:
+       lck_mtx_unlock(gif_mtx);
+
+       return error;
 }
 
 static int
-gif_clone_destroy(struct ifnet *ifp)
+gif_remove(struct ifnet *ifp)
 {
-#if defined(INET) || defined(INET6)
-       int err = 0;
-#endif
-       struct gif_softc *sc = ifp->if_softc;
+       int error = 0;
+       struct gif_softc *sc = NULL;
+       const struct encaptab *encap_cookie4 = NULL;
+       const struct encaptab *encap_cookie6 = NULL;
+
+       lck_mtx_lock(gif_mtx);
+       sc = ifp->if_softc;
+
+       if (sc == NULL) {
+               error = EINVAL;
+               goto done;
+       }
+
+       GIF_LOCK(sc);
+       if (sc->gif_flags & IFGIF_DETACHING) {
+               error = EINVAL;
+               goto done;
+       }
 
+       sc->gif_flags |= IFGIF_DETACHING;
        TAILQ_REMOVE(&gifs, sc, gif_link);
+       ngif--;
 
        gif_delete_tunnel(sc);
 #ifdef INET6
-       if (sc->encap_cookie6 != NULL) {
-               err = encap_detach(sc->encap_cookie6);
-               KASSERT(err == 0, ("gif_clone_destroy: Unexpected error detaching encap_cookie6"));
-       }
+       encap_cookie6 = sc->encap_cookie6;
 #endif
 #ifdef INET
-       if (sc->encap_cookie4 != NULL) {
-               err = encap_detach(sc->encap_cookie4);
-               KASSERT(err == 0, ("gif_clone_destroy: Unexpected error detaching encap_cookie4"));
-       }
+       encap_cookie4 = sc->encap_cookie4;
 #endif
-       err = ifnet_set_flags(ifp, 0, IFF_UP);
-       if (err != 0) {
-               printf("gif_clone_destroy: ifnet_set_flags failed %d\n", err);
+done:
+       if (sc != NULL) {
+               GIF_UNLOCK(sc);
        }
+       lck_mtx_unlock(gif_mtx);
 
-       err = ifnet_detach(ifp);
-       if (err != 0)
-               panic("gif_clone_destroy: ifnet_detach(%p) failed %d\n", ifp, err);
-       FREE(sc, M_DEVBUF);
-       ngif--;
+       if (encap_cookie6 != NULL) {
+               error = encap_detach(encap_cookie6);
+               KASSERT(error == 0, ("gif_clone_destroy: Unexpected "
+                   "error detaching encap_cookie6"));
+       }
+
+       if (encap_cookie4 != NULL) {
+               error = encap_detach(encap_cookie4);
+               KASSERT(error == 0, ("gif_clone_destroy: Unexpected "
+                   "error detaching encap_cookie4"));
+       }
+
+       return error;
+}
+
+static int
+gif_clone_destroy(struct ifnet *ifp)
+{
+       int error = 0;
+
+       error = gif_remove(ifp);
+       if (error != 0) {
+               printf("gif_clone_destroy: gif remove failed %d\n", error);
+               return error;
+       }
+
+       error = ifnet_set_flags(ifp, 0, IFF_UP);
+       if (error != 0) {
+               printf("gif_clone_destroy: ifnet_set_flags failed %d\n", error);
+       }
+
+       error = ifnet_detach(ifp);
+       if (error != 0) {
+               panic("gif_clone_destroy: ifnet_detach(%p) failed %d\n", ifp,
+                   error);
+       }
        return 0;
 }
 
@@ -429,19 +522,24 @@ gif_encapcheck(
        int proto,
        void *arg)
 {
+       int error = 0;
        struct ip ip;
        struct gif_softc *sc;
 
        sc = (struct gif_softc *)arg;
-       if (sc == NULL)
-               return 0;
+       if (sc == NULL) {
+               return error;
+       }
 
-       if ((ifnet_flags(sc->gif_if) & IFF_UP) == 0)
-               return 0;
+       GIF_LOCK(sc);
+       if ((ifnet_flags(sc->gif_if) & IFF_UP) == 0) {
+               goto done;
+       }
 
        /* no physical address */
-       if (!sc->gif_psrc || !sc->gif_pdst)
-               return 0;
+       if (!sc->gif_psrc || !sc->gif_pdst) {
+               goto done;
+       }
 
        switch (proto) {
 #if INET
@@ -453,7 +551,7 @@ gif_encapcheck(
                break;
 #endif
        default:
-               return 0;
+               goto done;
        }
 
        mbuf_copydata((struct mbuf *)(size_t)m, 0, sizeof(ip), &ip);
@@ -462,51 +560,70 @@ gif_encapcheck(
 #if INET
        case 4:
                if (sc->gif_psrc->sa_family != AF_INET ||
-                   sc->gif_pdst->sa_family != AF_INET)
-                       return 0;
-               return gif_encapcheck4(m, off, proto, arg);
+                   sc->gif_pdst->sa_family != AF_INET) {
+                       goto done;
+               }
+               error = gif_encapcheck4(m, off, proto, arg);
 #endif
 #if INET6
        case 6:
                if (sc->gif_psrc->sa_family != AF_INET6 ||
-                   sc->gif_pdst->sa_family != AF_INET6)
-                       return 0;
-               return gif_encapcheck6(m, off, proto, arg);
+                   sc->gif_pdst->sa_family != AF_INET6) {
+                       goto done;
+               }
+               error = gif_encapcheck6(m, off, proto, arg);
 #endif
        default:
-               return 0;
+               goto done;
        }
+done:
+       GIF_UNLOCK(sc);
+       return error;
 }
 
 static errno_t
 gif_output(
-       ifnet_t         ifp,
-       mbuf_t          m)
+       ifnet_t ifp,
+       mbuf_t m)
 {
        struct gif_softc *sc = ifnet_softc(ifp);
+       struct sockaddr *gif_psrc;
+       struct sockaddr *gif_pdst;
        int error = 0;
-       
+
+       GIF_LOCK(sc);
+       gif_psrc = sc->gif_psrc;
+       gif_pdst = sc->gif_pdst;
+       GIF_UNLOCK(sc);
+
        /*
-          max_gif_nesting check used to live here. It doesn't anymore
-          because there is no guaruntee that we won't be called
-          concurrently from more than one thread.
+        * max_gif_nesting check used to live here. It doesn't anymore
+        * because there is no guaruntee that we won't be called
+        * concurrently from more than one thread.
         */
-       
-       m->m_flags &= ~(M_BCAST|M_MCAST);
+       m->m_flags &= ~(M_BCAST | M_MCAST);
        if (!(ifnet_flags(ifp) & IFF_UP) ||
-           sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
+           gif_psrc == NULL || gif_pdst == NULL) {
                ifnet_touch_lastchange(ifp);
-               m_freem(m);     /* free it here not in dlil_output */
+               m_freem(m);     /* free it here not in dlil_output */
                error = ENETDOWN;
                goto end;
        }
 
        bpf_tap_out(ifp, 0, m, &sc->gif_proto, sizeof(sc->gif_proto));
-       
+
+       GIF_LOCK(sc);
+
        /* inner AF-specific encapsulation */
 
        /* XXX should we check if our outer source is legal? */
 
+       /*
+        * Save the length as m may be free by the output functions
+        * as they call m_pullup
+        */
+       u_int32_t bytes_out = m->m_pkthdr.len;
+
        /* dispatch to output logic based on outer AF */
        switch (sc->gif_psrc->sa_family) {
 #if INET
@@ -521,19 +638,20 @@ gif_output(
 #endif
        default:
                error = ENETDOWN;
-               goto end;
+               break;
        }
 
-  end:
+       GIF_UNLOCK(sc);
+end:
        if (error) {
                /* the mbuf was freed either by in_gif_output or in here */
                ifnet_stat_increment_out(ifp, 0, 0, 1);
+       } else {
+               ifnet_stat_increment_out(ifp, 1, bytes_out, 0);
        }
-       else {
-               ifnet_stat_increment_out(ifp, 1, m->m_pkthdr.len, 0);
-       }
-       if (error == 0) 
+       if (error == 0) {
                error = EJUSTRETURN; /* if no error, packet got sent already */
+       }
        return error;
 }
 
@@ -542,13 +660,13 @@ gif_output(
  */
 static errno_t
 gif_input(
-       ifnet_t                         ifp,
-       protocol_family_t       protocol_family,
-       mbuf_t                          m,
-       __unused char           *frame_header)
+       ifnet_t ifp,
+       protocol_family_t protocol_family,
+       mbuf_t m,
+       __unused char *frame_header)
 {
        struct gif_softc *sc = ifnet_softc(ifp);
-       
+
        bpf_tap_in(ifp, 0, m, &sc->gif_proto, sizeof(sc->gif_proto));
 
        /*
@@ -563,24 +681,26 @@ gif_input(
         * it occurs more times than we thought, we may change the policy
         * again.
         */
+       int32_t pktlen = m->m_pkthdr.len;
        if (proto_input(protocol_family, m) != 0) {
                ifnet_stat_increment_in(ifp, 0, 0, 1);
                m_freem(m);
-       } else
-               ifnet_stat_increment_in(ifp, 1, m->m_pkthdr.len, 0);
+       } else {
+               ifnet_stat_increment_in(ifp, 1, pktlen, 0);
+       }
 
-       return (0);
+       return 0;
 }
 
 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
 static errno_t
 gif_ioctl(
-       ifnet_t                 ifp,
-       u_long                  cmd,
-       void                    *data)
+       ifnet_t                 ifp,
+       u_long                  cmd,
+       void                    *data)
 {
        struct gif_softc *sc  = ifnet_softc(ifp);
-       struct ifreq     *ifr = (struct ifreq*)data;
+       struct ifreq *ifr = (struct ifreq *)data;
        int error = 0, size;
        struct sockaddr *dst = NULL, *src = NULL;
        struct sockaddr *sa;
@@ -598,20 +718,20 @@ gif_ioctl(
        case SIOCDELMULTI:
                break;
 
-#ifdef SIOCSIFMTU /* xxx */
+#ifdef  SIOCSIFMTU /* xxx */
        case SIOCGIFMTU:
                break;
 
        case SIOCSIFMTU:
-               {
-                       u_int32_t mtu;
-                       mtu = ifr->ifr_mtu;
-                       if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) {
-                               return (EINVAL);
-                       }
-                       ifnet_set_mtu(ifp, mtu);
+       {
+               u_int32_t mtu;
+               mtu = ifr->ifr_mtu;
+               if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) {
+                       return EINVAL;
                }
-               break;
+               ifnet_set_mtu(ifp, mtu);
+       }
+       break;
 #endif /* SIOCSIFMTU */
 
        case SIOCSIFPHYADDR:
@@ -619,14 +739,13 @@ gif_ioctl(
        case SIOCSIFPHYADDR_IN6_32:
        case SIOCSIFPHYADDR_IN6_64:
 #endif /* INET6 */
-       case SIOCSLIFPHYADDR:
                switch (cmd) {
 #if INET
                case SIOCSIFPHYADDR:
                        src = (struct sockaddr *)
-                               &(((struct in_aliasreq *)data)->ifra_addr);
+                           &(((struct in_aliasreq *)data)->ifra_addr);
                        dst = (struct sockaddr *)
-                               &(((struct in_aliasreq *)data)->ifra_dstaddr);
+                           &(((struct in_aliasreq *)data)->ifra_dstaddr);
                        break;
 #endif
 #if INET6
@@ -648,29 +767,27 @@ gif_ioctl(
                        break;
                }
 #endif
-               case SIOCSLIFPHYADDR:
-                       src = (struct sockaddr *)
-                               &(((struct if_laddrreq *)data)->addr);
-                       dst = (struct sockaddr *)
-                               &(((struct if_laddrreq *)data)->dstaddr);
                }
 
                /* sa_family must be equal */
-               if (src->sa_family != dst->sa_family)
+               if (src->sa_family != dst->sa_family) {
                        return EINVAL;
+               }
 
                /* validate sa_len */
                switch (src->sa_family) {
 #if INET
                case AF_INET:
-                       if (src->sa_len != sizeof(struct sockaddr_in))
+                       if (src->sa_len != sizeof(struct sockaddr_in)) {
                                return EINVAL;
+                       }
                        break;
 #endif
 #if INET6
                case AF_INET6:
-                       if (src->sa_len != sizeof(struct sockaddr_in6))
+                       if (src->sa_len != sizeof(struct sockaddr_in6)) {
                                return EINVAL;
+                       }
                        break;
 #endif
                default:
@@ -679,14 +796,16 @@ gif_ioctl(
                switch (dst->sa_family) {
 #if INET
                case AF_INET:
-                       if (dst->sa_len != sizeof(struct sockaddr_in))
+                       if (dst->sa_len != sizeof(struct sockaddr_in)) {
                                return EINVAL;
+                       }
                        break;
 #endif
 #if INET6
                case AF_INET6:
-                       if (dst->sa_len != sizeof(struct sockaddr_in6))
+                       if (dst->sa_len != sizeof(struct sockaddr_in6)) {
                                return EINVAL;
+                       }
                        break;
 #endif
                default:
@@ -696,39 +815,65 @@ gif_ioctl(
                /* check sa_family looks sane for the cmd */
                switch (cmd) {
                case SIOCSIFPHYADDR:
-                       if (src->sa_family == AF_INET)
+                       if (src->sa_family == AF_INET) {
                                break;
+                       }
                        return EAFNOSUPPORT;
 #if INET6
                case SIOCSIFPHYADDR_IN6_32:
                case SIOCSIFPHYADDR_IN6_64:
-                       if (src->sa_family == AF_INET6)
+                       if (src->sa_family == AF_INET6) {
                                break;
+                       }
                        return EAFNOSUPPORT;
 #endif /* INET6 */
-               case SIOCSLIFPHYADDR:
-                       /* checks done in the above */
-                       break;
                }
 
+#define GIF_ORDERED_LOCK(sc, sc2)       \
+       if (sc < sc2) {                 \
+               GIF_LOCK(sc);           \
+               GIF_LOCK(sc2);          \
+       } else {                        \
+               GIF_LOCK(sc2);          \
+               GIF_LOCK(sc);           \
+       }
+
+#define GIF_ORDERED_UNLOCK(sc, sc2)     \
+       if (sc > sc2) {                 \
+               GIF_UNLOCK(sc);         \
+               GIF_UNLOCK(sc2);        \
+       } else {                        \
+               GIF_UNLOCK(sc2);        \
+               GIF_UNLOCK(sc);         \
+       }
+
                ifnet_head_lock_shared();
                TAILQ_FOREACH(ifp2, &ifnet_head, if_link) {
-                       if (strcmp(ifnet_name(ifp2), GIFNAME) != 0)
+                       if (strcmp(ifnet_name(ifp2), GIFNAME) != 0) {
                                continue;
+                       }
                        sc2 = ifnet_softc(ifp2);
-                       if (sc2 == sc)
+                       if (sc2 == sc) {
                                continue;
-                       if (!sc2->gif_pdst || !sc2->gif_psrc)
+                       }
+                       /* lock sc and sc2 in increasing order of ifnet index */
+                       GIF_ORDERED_LOCK(sc, sc2);
+                       if (!sc2->gif_pdst || !sc2->gif_psrc) {
+                               GIF_ORDERED_UNLOCK(sc, sc2);
                                continue;
+                       }
                        if (sc2->gif_pdst->sa_family != dst->sa_family ||
                            sc2->gif_pdst->sa_len != dst->sa_len ||
                            sc2->gif_psrc->sa_family != src->sa_family ||
-                           sc2->gif_psrc->sa_len != src->sa_len)
+                           sc2->gif_psrc->sa_len != src->sa_len) {
+                               GIF_ORDERED_UNLOCK(sc, sc2);
                                continue;
+                       }
 #ifndef XBONEHACK
                        /* can't configure same pair of address onto two gifs */
                        if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
                            bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
+                               GIF_ORDERED_UNLOCK(sc, sc2);
                                error = EADDRNOTAVAIL;
                                ifnet_head_done();
                                goto bad;
@@ -740,10 +885,12 @@ gif_ioctl(
        (((struct sockaddr_in *)(void *)(x))->sin_addr.s_addr == INADDR_ANY)
 #if INET6
 #define multidest6(x) \
-       (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(void *)(x))->sin6_addr))
+       (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)      \
+           (void *)(x))->sin6_addr))
 #endif
                        if (dst->sa_family == AF_INET &&
                            multidest(dst) && multidest(sc2->gif_pdst)) {
+                               GIF_ORDERED_UNLOCK(sc, sc2);
                                error = EADDRNOTAVAIL;
                                ifnet_head_done();
                                goto bad;
@@ -751,54 +898,71 @@ gif_ioctl(
 #if INET6
                        if (dst->sa_family == AF_INET6 &&
                            multidest6(dst) && multidest6(sc2->gif_pdst)) {
+                               GIF_ORDERED_UNLOCK(sc, sc2);
                                error = EADDRNOTAVAIL;
                                ifnet_head_done();
                                goto bad;
                        }
 #endif
+                       GIF_ORDERED_UNLOCK(sc, sc2);
                }
                ifnet_head_done();
 
-               if (sc->gif_psrc)
-                       FREE((caddr_t)sc->gif_psrc, M_IFADDR);
-               sa = (struct sockaddr *)_MALLOC(src->sa_len, M_IFADDR, M_WAITOK);
-               if (sa == NULL)
+               GIF_LOCK(sc);
+               if (sc->gif_psrc) {
+                       FREE(sc->gif_psrc, M_IFADDR);
+               }
+               sa = (struct sockaddr *)_MALLOC(src->sa_len, M_IFADDR,
+                   M_WAITOK);
+               if (sa == NULL) {
+                       GIF_UNLOCK(sc);
                        return ENOBUFS;
+               }
                bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
                sc->gif_psrc = sa;
 
-               if (sc->gif_pdst)
-                       FREE((caddr_t)sc->gif_pdst, M_IFADDR);
-               sa = (struct sockaddr *)_MALLOC(dst->sa_len, M_IFADDR, M_WAITOK);
-               if (sa == NULL)
-                       return ENOBUFS; 
+               if (sc->gif_pdst) {
+                       FREE(sc->gif_pdst, M_IFADDR);
+               }
+               sa = (struct sockaddr *)_MALLOC(dst->sa_len, M_IFADDR,
+                   M_WAITOK);
+               if (sa == NULL) {
+                       GIF_UNLOCK(sc);
+                       return ENOBUFS;
+               }
                bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
                sc->gif_pdst = sa;
+               GIF_UNLOCK(sc);
+
+               ifnet_set_flags(ifp, IFF_RUNNING | IFF_UP, IFF_RUNNING |
+                   IFF_UP);
 
-               ifnet_set_flags(ifp, IFF_RUNNING | IFF_UP, IFF_RUNNING | IFF_UP);
-               
                error = 0;
                break;
 
 #ifdef SIOCDIFPHYADDR
        case SIOCDIFPHYADDR:
+               GIF_LOCK(sc);
                if (sc->gif_psrc) {
-                       FREE((caddr_t)sc->gif_psrc, M_IFADDR);
+                       FREE(sc->gif_psrc, M_IFADDR);
                        sc->gif_psrc = NULL;
                }
                if (sc->gif_pdst) {
-                       FREE((caddr_t)sc->gif_pdst, M_IFADDR);
+                       FREE(sc->gif_pdst, M_IFADDR);
                        sc->gif_pdst = NULL;
                }
+               GIF_UNLOCK(sc);
                /* change the IFF_{UP, RUNNING} flag as well? */
                break;
 #endif
-                       
+
        case SIOCGIFPSRCADDR:
 #if INET6
        case SIOCGIFPSRCADDR_IN6:
 #endif /* INET6 */
+               GIF_LOCK(sc);
                if (sc->gif_psrc == NULL) {
+                       GIF_UNLOCK(sc);
                        error = EADDRNOTAVAIL;
                        goto bad;
                }
@@ -813,24 +977,30 @@ gif_ioctl(
 #if INET6
                case SIOCGIFPSRCADDR_IN6:
                        dst = (struct sockaddr *)
-                               &(((struct in6_ifreq *)data)->ifr_addr);
+                           &(((struct in6_ifreq *)data)->ifr_addr);
                        size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
                        break;
 #endif /* INET6 */
                default:
+                       GIF_UNLOCK(sc);
                        error = EADDRNOTAVAIL;
                        goto bad;
                }
-               if (src->sa_len > size)
+               if (src->sa_len > size) {
+                       GIF_UNLOCK(sc);
                        return EINVAL;
+               }
                bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
+               GIF_UNLOCK(sc);
                break;
-                       
+
        case SIOCGIFPDSTADDR:
 #if INET6
        case SIOCGIFPDSTADDR_IN6:
 #endif /* INET6 */
+               GIF_LOCK(sc);
                if (sc->gif_pdst == NULL) {
+                       GIF_UNLOCK(sc);
                        error = EADDRNOTAVAIL;
                        goto bad;
                }
@@ -845,42 +1015,21 @@ gif_ioctl(
 #if INET6
                case SIOCGIFPDSTADDR_IN6:
                        dst = (struct sockaddr *)
-                               &(((struct in6_ifreq *)data)->ifr_addr);
+                           &(((struct in6_ifreq *)data)->ifr_addr);
                        size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
                        break;
 #endif /* INET6 */
                default:
                        error = EADDRNOTAVAIL;
+                       GIF_UNLOCK(sc);
                        goto bad;
                }
-               if (src->sa_len > size)
+               if (src->sa_len > size) {
+                       GIF_UNLOCK(sc);
                        return EINVAL;
-               bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
-               break;
-
-       case SIOCGLIFPHYADDR:
-               if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
-                       error = EADDRNOTAVAIL;
-                       goto bad;
                }
-
-               /* copy src */
-               src = sc->gif_psrc;
-               dst = (struct sockaddr *)
-                       &(((struct if_laddrreq *)data)->addr);
-               size = sizeof(((struct if_laddrreq *)data)->addr);
-               if (src->sa_len > size)
-                       return EINVAL;
-               bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
-
-               /* copy dst */
-               src = sc->gif_pdst;
-               dst = (struct sockaddr *)
-                       &(((struct if_laddrreq *)data)->dstaddr);
-               size = sizeof(((struct if_laddrreq *)data)->dstaddr);
-               if (src->sa_len > size)
-                       return EINVAL;
                bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
+               GIF_UNLOCK(sc);
                break;
 
        case SIOCSIFFLAGS:
@@ -891,24 +1040,22 @@ gif_ioctl(
                error = EOPNOTSUPP;
                break;
        }
- bad:
+bad:
        return error;
 }
 
-/* This function is not used in our stack */
-void
-gif_delete_tunnel(sc)
-       struct gif_softc *sc;
+static void
+gif_delete_tunnel(struct gif_softc *sc)
 {
-       /* XXX: NetBSD protects this function with splsoftnet() */
-
+       GIF_LOCK_ASSERT(sc);
        if (sc->gif_psrc) {
-               FREE((caddr_t)sc->gif_psrc, M_IFADDR);
+               FREE(sc->gif_psrc, M_IFADDR);
                sc->gif_psrc = NULL;
        }
        if (sc->gif_pdst) {
-               FREE((caddr_t)sc->gif_pdst, M_IFADDR);
+               FREE(sc->gif_pdst, M_IFADDR);
                sc->gif_pdst = NULL;
        }
+       ROUTE_RELEASE(&sc->gif_ro);
        /* change the IFF_UP flag as well? */
 }