xnu-792.tar.gz

[apple/xnu.git] / bsd / netinet6 / in6.c
diff --git a/bsd/netinet6/in6.c b/bsd/netinet6/in6.c

index f3648e6977f2d50ce88a62982a79875a7d2da146..8887a091dc693c5ff73d850b35c0ef00a16bc46f 100644 (file)
--- a/bsd/netinet6/in6.c
+++ b/bsd/netinet6/in6.c
@@ -78,6 +78,7 @@
  #include <sys/kernel.h>
  #include <sys/syslog.h>
  #include <sys/kern_event.h>
  #include <sys/kernel.h>
  #include <sys/syslog.h>
  #include <sys/kern_event.h>
+#include <kern/lock.h>
  
  #include <net/if.h>
  #include <net/if_types.h>
  
  #include <net/if.h>
  #include <net/if_types.h>
@@ -130,13 +131,14 @@ const struct in6_addr in6mask128 = IN6MASK128;
  const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6,
                                      0, 0, IN6ADDR_ANY_INIT, 0};
  
  const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6,
                                      0, 0, IN6ADDR_ANY_INIT, 0};
  
-static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t,
-       struct ifnet *, struct proc *));
-static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *,
-                          struct sockaddr_in6 *, int));
-static void in6_unlink_ifa __P((struct in6_ifaddr *, struct ifnet *));
+static int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t,
+       struct ifnet *, struct proc *);
+static int in6_ifinit(struct ifnet *, struct in6_ifaddr *,
+                          struct sockaddr_in6 *, int);
+static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *, int);
  
  struct in6_multihead in6_multihead;    /* XXX BSS initialization */
  
  struct in6_multihead in6_multihead;    /* XXX BSS initialization */
+extern struct lck_mtx_t *nd6_mutex;
  
  /*
   * Subroutine for in6_ifaddloop() and in6_ifremloop().
  
  /*
   * Subroutine for in6_ifaddloop() and in6_ifremloop().
@@ -162,7 +164,7 @@ in6_ifloop_request(int cmd, struct ifaddr *ifa)
          * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
          * which changes the outgoing interface to the loopback interface.
          */
          * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
          * which changes the outgoing interface to the loopback interface.
          */
-       e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr,
+       e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
                       (struct sockaddr *)&all1_sa,
                       RTF_UP|RTF_HOST|RTF_LLINFO, &nrt);
         if (e != 0) {
                       (struct sockaddr *)&all1_sa,
                       RTF_UP|RTF_HOST|RTF_LLINFO, &nrt);
         if (e != 0) {
@@ -196,7 +198,7 @@ in6_ifloop_request(int cmd, struct ifaddr *ifa)
                         if (nrt->rt_refcnt <= 0) {
                                 /* XXX: we should free the entry ourselves. */
                                 rtref(nrt);
                         if (nrt->rt_refcnt <= 0) {
                                 /* XXX: we should free the entry ourselves. */
                                 rtref(nrt);
-                               rtfree(nrt);
+                               rtfree_locked(nrt);
                         }
                 } else {
                         /* the cmd must be RTM_ADD here */
                         }
                 } else {
                         /* the cmd must be RTM_ADD here */
@@ -217,13 +219,15 @@ in6_ifaddloop(struct ifaddr *ifa)
  {
         struct rtentry *rt;
  
  {
         struct rtentry *rt;
  
+       lck_mtx_lock(rt_mtx);
         /* If there is no loopback entry, allocate one. */
         /* If there is no loopback entry, allocate one. */
-       rt = rtalloc1(ifa->ifa_addr, 0, 0);
+       rt = rtalloc1_locked(ifa->ifa_addr, 0, 0);
         if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
             (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0)
                 in6_ifloop_request(RTM_ADD, ifa);
         if (rt)
                 rt->rt_refcnt--;
         if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
             (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0)
                 in6_ifloop_request(RTM_ADD, ifa);
         if (rt)
                 rt->rt_refcnt--;
+       lck_mtx_unlock(rt_mtx);
  }
  
  /*
  }
  
  /*
@@ -231,7 +235,7 @@ in6_ifaddloop(struct ifaddr *ifa)
   * if it exists.
   */
  static void
   * if it exists.
   */
  static void
-in6_ifremloop(struct ifaddr *ifa)
+in6_ifremloop(struct ifaddr *ifa, int locked)
  {
         struct in6_ifaddr *ia;
         struct rtentry *rt;
  {
         struct in6_ifaddr *ia;
         struct rtentry *rt;
@@ -253,13 +257,17 @@ in6_ifremloop(struct ifaddr *ifa)
          * (probably p2p) interfaces.
          * XXX: we should avoid such a configuration in IPv6...
          */
          * (probably p2p) interfaces.
          * XXX: we should avoid such a configuration in IPv6...
          */
-       for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
+       if (!locked)
+               lck_mtx_lock(nd6_mutex);
+       for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
                 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
                         ia_count++;
                         if (ia_count > 1)
                                 break;
                 }
         }
                 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
                         ia_count++;
                         if (ia_count > 1)
                                 break;
                 }
         }
+       if (!locked)
+               lck_mtx_unlock(nd6_mutex);
  
         if (ia_count == 1) {
                 /*
  
         if (ia_count == 1) {
                 /*
@@ -270,12 +278,14 @@ in6_ifremloop(struct ifaddr *ifa)
                  * a subnet-router anycast address on an interface attahced
                  * to a shared medium.
                  */
                  * a subnet-router anycast address on an interface attahced
                  * to a shared medium.
                  */
-               rt = rtalloc1(ifa->ifa_addr, 0, 0);
+               lck_mtx_lock(rt_mtx);
+               rt = rtalloc1_locked(ifa->ifa_addr, 0, 0);
                 if (rt != NULL && (rt->rt_flags & RTF_HOST) != 0 &&
                     (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
                         rt->rt_refcnt--;
                         in6_ifloop_request(RTM_DELETE, ifa);
                 }
                 if (rt != NULL && (rt->rt_flags & RTF_HOST) != 0 &&
                     (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
                         rt->rt_refcnt--;
                         in6_ifloop_request(RTM_DELETE, ifa);
                 }
+               lck_mtx_unlock(rt_mtx);
         }
  }
  
         }
  }
  
@@ -289,16 +299,23 @@ in6_ifindex2scopeid(idx)
  
         if (idx < 0 || if_index < idx)
                 return -1;
  
         if (idx < 0 || if_index < idx)
                 return -1;
+       
+       ifnet_head_lock_shared();
         ifp = ifindex2ifnet[idx];
         ifp = ifindex2ifnet[idx];
+       ifnet_head_done();
  
  
+       ifnet_lock_shared(ifp);
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr->sa_family != AF_INET6)
                         continue;
                 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr->sa_family != AF_INET6)
                         continue;
                 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
-               if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))
+               if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
+                       ifnet_lock_done(ifp);
                         return sin6->sin6_scope_id & 0xffff;
                         return sin6->sin6_scope_id & 0xffff;
+               }
         }
         }
+       ifnet_lock_done(ifp);
  
         return -1;
  }
  
         return -1;
  }
@@ -370,11 +387,14 @@ in6_control(so, cmd, data, ifp, p)
         struct  in6_ifaddr *ia = NULL;
         struct  in6_aliasreq *ifra = (struct in6_aliasreq *)data;
         int privileged, error = 0;
         struct  in6_ifaddr *ia = NULL;
         struct  in6_aliasreq *ifra = (struct in6_aliasreq *)data;
         int privileged, error = 0;
-       u_long dl_tag;
+       int index;
+       struct timeval timenow;
+
+       getmicrotime(&timenow);
  
         privileged = 0;
  #ifdef __APPLE__
  
         privileged = 0;
  #ifdef __APPLE__
-       if (p == NULL || !suser(p->p_ucred, &p->p_acflag))
+       if (p == NULL || !proc_suser(p))
  #else
         if (p == NULL || !suser(p))
  #endif
  #else
         if (p == NULL || !suser(p))
  #endif
@@ -390,6 +410,15 @@ in6_control(so, cmd, data, ifp, p)
                 return(EOPNOTSUPP);
  
         switch (cmd) {
                 return(EOPNOTSUPP);
  
         switch (cmd) {
+       case SIOCAUTOCONF_START:
+       case SIOCAUTOCONF_STOP:
+       case SIOCLL_START:
+       case SIOCLL_STOP:
+       case SIOCPROTOATTACH_IN6:
+       case SIOCPROTODETACH_IN6:
+                if (!privileged)
+                        return(EPERM);
+               break;
         case SIOCSNDFLUSH_IN6:
         case SIOCSPFXFLUSH_IN6:
         case SIOCSRTRFLUSH_IN6:
         case SIOCSNDFLUSH_IN6:
         case SIOCSPFXFLUSH_IN6:
         case SIOCSRTRFLUSH_IN6:
@@ -449,28 +478,32 @@ in6_control(so, cmd, data, ifp, p)
         switch (cmd) {
  
         case SIOCAUTOCONF_START:
         switch (cmd) {
  
         case SIOCAUTOCONF_START:
+               ifnet_lock_exclusive(ifp);
                 ifp->if_eflags |= IFEF_ACCEPT_RTADVD;
                 ifp->if_eflags |= IFEF_ACCEPT_RTADVD;
+               ifnet_lock_done(ifp);
                 return (0);
  
         case SIOCAUTOCONF_STOP: 
                 {
                 return (0);
  
         case SIOCAUTOCONF_STOP: 
                 {
-                       struct ifaddr *ifa, *nifa = NULL;
-
+                       struct in6_ifaddr *ia, *nia = NULL;
+                       
+                       ifnet_lock_exclusive(ifp);
                         ifp->if_eflags &= ~IFEF_ACCEPT_RTADVD;
                         ifp->if_eflags &= ~IFEF_ACCEPT_RTADVD;
+                       ifnet_lock_done(ifp);
  
  
-                       /* nuke prefix list.  this may try to remove some of ifaddrs as well */
+                       /* nuke prefix list.  this may try to remove some ifaddrs as well */
                         in6_purgeprefix(ifp);
  
                         /* removed autoconfigured address from interface */
                         in6_purgeprefix(ifp);
  
                         /* removed autoconfigured address from interface */
-
-                       for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa)
-                       {
-                               nifa = TAILQ_NEXT(ifa, ifa_list);
-                               if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET6)
+                       lck_mtx_lock(nd6_mutex);
+                       for (ia = in6_ifaddrs; ia != NULL; ia = nia) {
+                               nia = ia->ia_next;
+                               if (ia->ia_ifa.ifa_ifp != ifp)
                                         continue;
                                         continue;
-                               if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_AUTOCONF)
-                                       in6_purgeaddr(ifa);
+                               if (ia->ia6_flags & IN6_IFF_AUTOCONF)
+                                       in6_purgeaddr(&ia->ia_ifa, 1);
                         }
                         }
+                       lck_mtx_unlock(nd6_mutex);
                         return (0);
                 }
  
                         return (0);
                 }
  
@@ -491,24 +524,25 @@ in6_control(so, cmd, data, ifp, p)
  
         case SIOCLL_STOP:
                 {
  
         case SIOCLL_STOP:
                 {
-                       struct ifaddr *ifa, *nifa = NULL;
-
+                       struct in6_ifaddr *ia, *nia = NULL;
+                       
                         /* removed link local addresses from interface */
  
                         /* removed link local addresses from interface */
  
-                       for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa)
-                       {
-                               nifa = TAILQ_NEXT(ifa, ifa_list);
-                               if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET6)
+                       lck_mtx_lock(nd6_mutex);
+                       for (ia = in6_ifaddrs; ia != NULL; ia = nia) {
+                               nia = ia->ia_next;
+                               if (ia->ia_ifa.ifa_ifp != ifp)
                                         continue;
                                         continue;
-                               if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa)))
-                                       in6_purgeaddr(ifa);
+                               if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr))
+                                       in6_purgeaddr(&ia->ia_ifa, 1);
                         }
                         }
+                       lck_mtx_unlock(nd6_mutex);
                         return (0);
                 }
  
  
         case SIOCPROTOATTACH_IN6:
                         return (0);
                 }
  
  
         case SIOCPROTOATTACH_IN6:
-               
+
                 switch (ifp->if_type) {
  #if IFT_BRIDGE /*OpenBSD 2.8*/
         /* some of the interfaces are inherently not IPv6 capable */
                 switch (ifp->if_type) {
  #if IFT_BRIDGE /*OpenBSD 2.8*/
         /* some of the interfaces are inherently not IPv6 capable */
@@ -517,7 +551,7 @@ in6_control(so, cmd, data, ifp, p)
  #endif
                         default:
  
  #endif
                         default:
  
-                               if (error = dlil_plumb_protocol(PF_INET6, ifp, &dl_tag))
+                               if (error = dlil_plumb_protocol(PF_INET6, ifp))
                                         printf("SIOCPROTOATTACH_IN6: %s error=%d\n", 
                                                 if_name(ifp), error);
                                 break;
                                         printf("SIOCPROTOATTACH_IN6: %s error=%d\n", 
                                                 if_name(ifp), error);
                                 break;
@@ -573,7 +607,8 @@ in6_control(so, cmd, data, ifp, p)
                  * and should be unused.
                  */
                 /* we decided to obsolete this command (20000704) */
                  * and should be unused.
                  */
                 /* we decided to obsolete this command (20000704) */
-               return(EINVAL);
+               error = EINVAL;
+               goto ioctl_cleanup;
  
         case SIOCDIFADDR_IN6:
                 /*
  
         case SIOCDIFADDR_IN6:
                 /*
@@ -583,8 +618,11 @@ in6_control(so, cmd, data, ifp, p)
                  * address from the day one, we consider "remove the first one"
                  * semantics to be not preferable.
                  */
                  * address from the day one, we consider "remove the first one"
                  * semantics to be not preferable.
                  */
-               if (ia == NULL)
-                       return(EADDRNOTAVAIL);
+               if (ia == NULL) {
+                       error = EADDRNOTAVAIL;
+                       goto ioctl_cleanup;
+               }
+               
                 /* FALLTHROUGH */
         case SIOCAIFADDR_IN6:
                 /*
                 /* FALLTHROUGH */
         case SIOCAIFADDR_IN6:
                 /*
@@ -592,10 +630,14 @@ in6_control(so, cmd, data, ifp, p)
                  * the corresponding operation.
                  */
                 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
                  * the corresponding operation.
                  */
                 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
-                   ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6))
-                       return(EAFNOSUPPORT);
-               if (!privileged)
-                       return(EPERM);
+                   ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
+                       error = EAFNOSUPPORT;
+                       goto ioctl_cleanup;
+               }
+               if (!privileged) {
+                       error = EPERM;
+                       goto ioctl_cleanup;
+               }
  
                 break;
  
  
                 break;
  
@@ -607,26 +649,34 @@ in6_control(so, cmd, data, ifp, p)
         case SIOCGIFDSTADDR_IN6:
         case SIOCGIFALIFETIME_IN6:
                 /* must think again about its semantics */
         case SIOCGIFDSTADDR_IN6:
         case SIOCGIFALIFETIME_IN6:
                 /* must think again about its semantics */
-               if (ia == NULL)
-                       return(EADDRNOTAVAIL);
+               if (ia == NULL) {
+                       error = EADDRNOTAVAIL;
+                       goto ioctl_cleanup;
+               }
                 break;
         case SIOCSIFALIFETIME_IN6:
             {
                 struct in6_addrlifetime *lt;
  
                 break;
         case SIOCSIFALIFETIME_IN6:
             {
                 struct in6_addrlifetime *lt;
  
-               if (!privileged)
-                       return(EPERM);
-               if (ia == NULL)
-                       return(EADDRNOTAVAIL);
+               if (!privileged) {
+                       error = EPERM;
+                       goto ioctl_cleanup;
+               }
+               if (ia == NULL) {
+                       error = EADDRNOTAVAIL;
+                       goto ioctl_cleanup;
+               }
                 /* sanity for overflow - beware unsigned */
                 lt = &ifr->ifr_ifru.ifru_lifetime;
                 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
                 /* sanity for overflow - beware unsigned */
                 lt = &ifr->ifr_ifru.ifru_lifetime;
                 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
-                && lt->ia6t_vltime + time_second < time_second) {
-                       return EINVAL;
+                && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
+                       error = EINVAL;
+                       goto ioctl_cleanup;
                 }
                 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
                 }
                 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
-                && lt->ia6t_pltime + time_second < time_second) {
-                       return EINVAL;
+                && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
+                       error = EINVAL;
+                       goto ioctl_cleanup;
                 }
                 break;
             }
                 }
                 break;
             }
@@ -639,8 +689,10 @@ in6_control(so, cmd, data, ifp, p)
                 break;
  
         case SIOCGIFDSTADDR_IN6:
                 break;
  
         case SIOCGIFDSTADDR_IN6:
-               if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
-                       return(EINVAL);
+               if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
+                       error = EINVAL;
+                       goto ioctl_cleanup;
+               }
                 /*
                  * XXX: should we check if ifa_dstaddr is NULL and return
                  * an error?
                 /*
                  * XXX: should we check if ifa_dstaddr is NULL and return
                  * an error?
@@ -657,28 +709,34 @@ in6_control(so, cmd, data, ifp, p)
                 break;
  
         case SIOCGIFSTAT_IN6:
                 break;
  
         case SIOCGIFSTAT_IN6:
-               if (ifp == NULL)
-                       return EINVAL;
-               if (in6_ifstat == NULL || ifp->if_index >= in6_ifstatmax
-                || in6_ifstat[ifp->if_index] == NULL) {
+               if (ifp == NULL) {
+                       error = EINVAL;
+                       goto ioctl_cleanup;
+               }
+               index = ifp->if_index;
+               if (in6_ifstat == NULL || index >= in6_ifstatmax
+                || in6_ifstat[index] == NULL) {
                         /* return EAFNOSUPPORT? */
                         bzero(&ifr->ifr_ifru.ifru_stat,
                                 sizeof(ifr->ifr_ifru.ifru_stat));
                 } else
                         /* return EAFNOSUPPORT? */
                         bzero(&ifr->ifr_ifru.ifru_stat,
                                 sizeof(ifr->ifr_ifru.ifru_stat));
                 } else
-                       ifr->ifr_ifru.ifru_stat = *in6_ifstat[ifp->if_index];
+                       ifr->ifr_ifru.ifru_stat = *in6_ifstat[index];
                 break;
  
         case SIOCGIFSTAT_ICMP6:
                 break;
  
         case SIOCGIFSTAT_ICMP6:
-               if (ifp == NULL)
-                       return EINVAL;
-               if (icmp6_ifstat == NULL || ifp->if_index >= icmp6_ifstatmax ||
-                   icmp6_ifstat[ifp->if_index] == NULL) {
+               if (ifp == NULL) {
+                       error = EINVAL;
+                       goto ioctl_cleanup;
+               }
+               index = ifp->if_index;
+               if (icmp6_ifstat == NULL || index >= icmp6_ifstatmax ||
+                   icmp6_ifstat[index] == NULL) {
                         /* return EAFNOSUPPORT? */
                         bzero(&ifr->ifr_ifru.ifru_stat,
                                 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
                 } else
                         ifr->ifr_ifru.ifru_icmp6stat =
                         /* return EAFNOSUPPORT? */
                         bzero(&ifr->ifr_ifru.ifru_stat,
                                 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
                 } else
                         ifr->ifr_ifru.ifru_icmp6stat =
-                               *icmp6_ifstat[ifp->if_index];
+                               *icmp6_ifstat[index];
                 break;
  
         case SIOCGIFALIFETIME_IN6:
                 break;
  
         case SIOCGIFALIFETIME_IN6:
@@ -690,38 +748,44 @@ in6_control(so, cmd, data, ifp, p)
                 /* for sanity */
                 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
                         ia->ia6_lifetime.ia6t_expire =
                 /* for sanity */
                 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
                         ia->ia6_lifetime.ia6t_expire =
-                               time_second + ia->ia6_lifetime.ia6t_vltime;
+                               timenow.tv_sec + ia->ia6_lifetime.ia6t_vltime;
                 } else
                         ia->ia6_lifetime.ia6t_expire = 0;
                 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
                         ia->ia6_lifetime.ia6t_preferred =
                 } else
                         ia->ia6_lifetime.ia6t_expire = 0;
                 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
                         ia->ia6_lifetime.ia6t_preferred =
-                               time_second + ia->ia6_lifetime.ia6t_pltime;
+                               timenow.tv_sec + ia->ia6_lifetime.ia6t_pltime;
                 } else
                         ia->ia6_lifetime.ia6t_preferred = 0;
                 break;
  
         case SIOCAIFADDR_IN6:
         {
                 } else
                         ia->ia6_lifetime.ia6t_preferred = 0;
                 break;
  
         case SIOCAIFADDR_IN6:
         {
-               int i, error = 0;
+               int i;
                 struct nd_prefix pr0, *pr;
                 
                 struct nd_prefix pr0, *pr;
                 
-               if (dlil_find_dltag(ifp->if_family, ifp->if_unit, PF_INET6, &dl_tag) == EPROTONOSUPPORT) {
-                       /* Address is added without previous IPv6 configurator support (gif, stf etc...) */
-                       if (error = dlil_plumb_protocol(PF_INET6, ifp, &dl_tag)) {
+               /* Attempt to attache the protocol, in case it isn't attached */
+               error = dlil_plumb_protocol(PF_INET6, ifp);
+               if (error) {
+                       if (error != EEXIST) {
                                 printf("SIOCAIFADDR_IN6: %s can't plumb protocol error=%d\n", 
                                         if_name(ifp), error);
                                 printf("SIOCAIFADDR_IN6: %s can't plumb protocol error=%d\n", 
                                         if_name(ifp), error);
-                               return (error);
+                               goto ioctl_cleanup;
                         }
                         }
+                       
+                       /* Ignore, EEXIST */
+                       error = 0;
+               }
+               else {
+                       /* PF_INET6 wasn't previously attached */
                         in6_if_up(ifp, NULL);
                 }
                         in6_if_up(ifp, NULL);
                 }
-               
  
                 /*
                  * first, make or update the interface address structure,
                  * and link it to the list.
                  */
                 if ((error = in6_update_ifa(ifp, ifra, ia)) != 0)
  
                 /*
                  * first, make or update the interface address structure,
                  * and link it to the list.
                  */
                 if ((error = in6_update_ifa(ifp, ifra, ia)) != 0)
-                       return(error);
+                       goto ioctl_cleanup;
  
                 /*
                  * then, make the prefix on-link on the interface.
  
                 /*
                  * then, make the prefix on-link on the interface.
@@ -767,11 +831,12 @@ in6_control(so, cmd, data, ifp, p)
                          * interface route.
                          */
                         if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0)
                          * interface route.
                          */
                         if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0)
-                               return(error);
+                               goto ioctl_cleanup;
                         if (pr == NULL) {
                                 log(LOG_ERR, "nd6_prelist_add succedded but "
                                     "no prefix\n");
                         if (pr == NULL) {
                                 log(LOG_ERR, "nd6_prelist_add succedded but "
                                     "no prefix\n");
-                               return(EINVAL); /* XXX panic here? */
+                               error = EINVAL;
+                               goto ioctl_cleanup;
                         }
                 }
                 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
                         }
                 }
                 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
@@ -808,8 +873,7 @@ in6_control(so, cmd, data, ifp, p)
                          * addresses, that is, this address might make
                          * other addresses detached.
                          */
                          * addresses, that is, this address might make
                          * other addresses detached.
                          */
-                       pfxlist_onlink_check();
-                       in6_post_msg(ifp, KEV_INET6_NEW_USER_ADDR, ia);
+                       pfxlist_onlink_check(0);
                 }
  
                 break;
                 }
  
                 break;
@@ -858,23 +922,22 @@ in6_control(so, cmd, data, ifp, p)
                 }
  
           purgeaddr:
                 }
  
           purgeaddr:
-               in6_purgeaddr(&ia->ia_ifa);
+               in6_purgeaddr(&ia->ia_ifa, 0);
                 break;
         }
  
         default:
  #ifdef __APPLE__
                 break;
         }
  
         default:
  #ifdef __APPLE__
-                error = dlil_ioctl(PF_INET6, ifp, cmd, (caddr_t)data);
-                return error;
-
+               error = dlil_ioctl(PF_INET6, ifp, cmd, (caddr_t)data);
+               goto ioctl_cleanup;
  #else
                 if (ifp == NULL || ifp->if_ioctl == 0)
                         return(EOPNOTSUPP);
                 return((*ifp->if_ioctl)(ifp, cmd, data));
  #endif
         }
  #else
                 if (ifp == NULL || ifp->if_ioctl == 0)
                         return(EOPNOTSUPP);
                 return((*ifp->if_ioctl)(ifp, cmd, data));
  #endif
         }
-
-       return(0);
+ioctl_cleanup:
+       return error;
  }
  
  /*
  }
  
  /*
@@ -893,7 +956,10 @@ in6_update_ifa(ifp, ifra, ia)
         struct in6_ifaddr *oia;
         struct sockaddr_in6 dst6;
         struct in6_addrlifetime *lt;
         struct in6_ifaddr *oia;
         struct sockaddr_in6 dst6;
         struct in6_addrlifetime *lt;
+       struct timeval timenow;
  
  
+
+       lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
         /* Validate parameters */
         if (ifp == NULL || ifra == NULL) /* this maybe redundant */
                 return(EINVAL);
         /* Validate parameters */
         if (ifp == NULL || ifra == NULL) /* this maybe redundant */
                 return(EINVAL);
@@ -912,6 +978,14 @@ in6_update_ifa(ifp, ifra, ia)
          */
         if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
                 return(EINVAL);
          */
         if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
                 return(EINVAL);
+       /*
+        * Set the address family value for the mask if it was not set.
+        * Radar 3899482.
+        */
+       if (ifra->ifra_prefixmask.sin6_len == sizeof(struct sockaddr_in6) &&
+               ifra->ifra_prefixmask.sin6_family == 0) {
+               ifra->ifra_prefixmask.sin6_family = AF_INET6;
+       }
         /*
          * Because the IPv6 address architecture is classless, we require
          * users to specify a (non 0) prefix length (mask) for a new address.
         /*
          * Because the IPv6 address architecture is classless, we require
          * users to specify a (non 0) prefix length (mask) for a new address.
@@ -985,9 +1059,11 @@ in6_update_ifa(ifp, ifra, ia)
                 }
         }
         /* lifetime consistency check */
                 }
         }
         /* lifetime consistency check */
+
+       getmicrotime(&timenow);
         lt = &ifra->ifra_lifetime;
         if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
         lt = &ifra->ifra_lifetime;
         if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
-           && lt->ia6t_vltime + time_second < time_second) {
+           && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
                 return EINVAL;
         }
         if (lt->ia6t_vltime == 0) {
                 return EINVAL;
         }
         if (lt->ia6t_vltime == 0) {
@@ -1000,7 +1076,7 @@ in6_update_ifa(ifp, ifra, ia)
                     ip6_sprintf(&ifra->ifra_addr.sin6_addr));
         }
         if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
                     ip6_sprintf(&ifra->ifra_addr.sin6_addr));
         }
         if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
-           && lt->ia6t_pltime + time_second < time_second) {
+           && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
                 return EINVAL;
         }
  
                 return EINVAL;
         }
  
@@ -1018,7 +1094,7 @@ in6_update_ifa(ifp, ifra, ia)
                 ia = (struct in6_ifaddr *)
                         _MALLOC(sizeof(*ia), M_IFADDR, M_NOWAIT);
                 if (ia == NULL)
                 ia = (struct in6_ifaddr *)
                         _MALLOC(sizeof(*ia), M_IFADDR, M_NOWAIT);
                 if (ia == NULL)
-                       return (ENOBUFS);
+                       return ENOBUFS;
                 bzero((caddr_t)ia, sizeof(*ia));
                 /* Initialize the address and masks */
                 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
                 bzero((caddr_t)ia, sizeof(*ia));
                 /* Initialize the address and masks */
                 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
@@ -1038,15 +1114,18 @@ in6_update_ifa(ifp, ifra, ia)
                         = (struct sockaddr *)&ia->ia_prefixmask;
  
                 ia->ia_ifp = ifp;
                         = (struct sockaddr *)&ia->ia_prefixmask;
  
                 ia->ia_ifp = ifp;
-               if ((oia = in6_ifaddr) != NULL) {
+               lck_mtx_lock(nd6_mutex);
+               if ((oia = in6_ifaddrs) != NULL) {
                         for ( ; oia->ia_next; oia = oia->ia_next)
                                 continue;
                         oia->ia_next = ia;
                 } else
                         for ( ; oia->ia_next; oia = oia->ia_next)
                                 continue;
                         oia->ia_next = ia;
                 } else
-                       in6_ifaddr = ia;
+                       in6_ifaddrs = ia;
+               lck_mtx_unlock(nd6_mutex);
  
  
-               TAILQ_INSERT_TAIL(&ifp->if_addrlist, &ia->ia_ifa,
-                                 ifa_list);
+               ifnet_lock_exclusive(ifp);
+               if_attach_ifa(ifp, &ia->ia_ifa);
+               ifnet_lock_done(ifp);
         }
  
         /* set prefix mask */
         }
  
         /* set prefix mask */
@@ -1108,7 +1187,7 @@ in6_update_ifa(ifp, ifra, ia)
  
                 iilen = (sizeof(ia->ia_prefixmask.sin6_addr) << 3) - plen;
                 if ((error = in6_prefix_add_ifid(iilen, ia)) != 0) {
  
                 iilen = (sizeof(ia->ia_prefixmask.sin6_addr) << 3) - plen;
                 if ((error = in6_prefix_add_ifid(iilen, ia)) != 0) {
-                       in6_purgeaddr((struct ifaddr *)ia);
+                       in6_purgeaddr((struct ifaddr *)ia, 0);
                         return(error);
                 }
         }
                         return(error);
                 }
         }
@@ -1131,14 +1210,14 @@ in6_update_ifa(ifp, ifra, ia)
                         llsol.s6_addr32[3] =
                                 ifra->ifra_addr.sin6_addr.s6_addr32[3];
                         llsol.s6_addr8[12] = 0xff;
                         llsol.s6_addr32[3] =
                                 ifra->ifra_addr.sin6_addr.s6_addr32[3];
                         llsol.s6_addr8[12] = 0xff;
-                       (void)in6_addmulti(&llsol, ifp, &error);
+                       (void)in6_addmulti(&llsol, ifp, &error, 0);
                         if (error != 0) {
                                 log(LOG_WARNING,
                                     "in6_update_ifa: addmulti failed for "
                                     "%s on %s (errno=%d)\n",
                                     ip6_sprintf(&llsol), if_name(ifp),
                                     error);
                         if (error != 0) {
                                 log(LOG_WARNING,
                                     "in6_update_ifa: addmulti failed for "
                                     "%s on %s (errno=%d)\n",
                                     ip6_sprintf(&llsol), if_name(ifp),
                                     error);
-                               in6_purgeaddr((struct ifaddr *)ia);
+                               in6_purgeaddr((struct ifaddr *)ia, 0);
                                 return(error);
                         }
                 }
                                 return(error);
                         }
                 }
@@ -1157,7 +1236,9 @@ in6_update_ifa(ifp, ifra, ia)
                 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
                 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
  
                 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
                 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
  
+               ifnet_lock_shared(ifp);
                 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
                 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
+               ifnet_lock_done(ifp);
                 if (in6m == NULL) {
                         rtrequest(RTM_ADD,
                                   (struct sockaddr *)&mltaddr,
                 if (in6m == NULL) {
                         rtrequest(RTM_ADD,
                                   (struct sockaddr *)&mltaddr,
@@ -1165,7 +1246,7 @@ in6_update_ifa(ifp, ifra, ia)
                                   (struct sockaddr *)&mltmask,
                                   RTF_UP|RTF_CLONING,  /* xxx */
                                   (struct rtentry **)0);
                                   (struct sockaddr *)&mltmask,
                                   RTF_UP|RTF_CLONING,  /* xxx */
                                   (struct rtentry **)0);
-                       (void)in6_addmulti(&mltaddr.sin6_addr, ifp, &error);
+                       (void)in6_addmulti(&mltaddr.sin6_addr, ifp, &error, 0);
                         if (error != 0) {
                                 log(LOG_WARNING,
                                     "in6_update_ifa: addmulti failed for "
                         if (error != 0) {
                                 log(LOG_WARNING,
                                     "in6_update_ifa: addmulti failed for "
@@ -1181,10 +1262,12 @@ in6_update_ifa(ifp, ifra, ia)
  #define hostnamelen    strlen(hostname)
                 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr)
                     == 0) {
  #define hostnamelen    strlen(hostname)
                 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr)
                     == 0) {
+                   ifnet_lock_shared(ifp);
                         IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
                         IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
+                       ifnet_lock_done(ifp);
                         if (in6m == NULL && ia != NULL) {
                                 (void)in6_addmulti(&mltaddr.sin6_addr,
                         if (in6m == NULL && ia != NULL) {
                                 (void)in6_addmulti(&mltaddr.sin6_addr,
-                                   ifp, &error);
+                                   ifp, &error, 0);
                                 if (error != 0) {
                                         log(LOG_WARNING, "in6_update_ifa: "
                                             "addmulti failed for "
                                 if (error != 0) {
                                         log(LOG_WARNING, "in6_update_ifa: "
                                             "addmulti failed for "
@@ -1210,7 +1293,9 @@ in6_update_ifa(ifp, ifra, ia)
  
                         mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
  
  
                         mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
  
+                       ifnet_lock_shared(ifp);
                         IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
                         IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
+                       ifnet_lock_done(ifp);
                         if (in6m == NULL && ia_loop != NULL) {
                                 rtrequest(RTM_ADD,
                                           (struct sockaddr *)&mltaddr,
                         if (in6m == NULL && ia_loop != NULL) {
                                 rtrequest(RTM_ADD,
                                           (struct sockaddr *)&mltaddr,
@@ -1219,7 +1304,7 @@ in6_update_ifa(ifp, ifra, ia)
                                           RTF_UP,
                                           (struct rtentry **)0);
                                 (void)in6_addmulti(&mltaddr.sin6_addr, ifp,
                                           RTF_UP,
                                           (struct rtentry **)0);
                                 (void)in6_addmulti(&mltaddr.sin6_addr, ifp,
-                                                  &error);
+                                                  &error, 0);
                                 if (error != 0) {
                                         log(LOG_WARNING, "in6_update_ifa: "
                                             "addmulti failed for %s on %s "
                                 if (error != 0) {
                                         log(LOG_WARNING, "in6_update_ifa: "
                                             "addmulti failed for %s on %s "
@@ -1239,12 +1324,12 @@ in6_update_ifa(ifp, ifra, ia)
         /* for sanity */
         if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
                 ia->ia6_lifetime.ia6t_expire =
         /* for sanity */
         if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
                 ia->ia6_lifetime.ia6t_expire =
-                       time_second + ia->ia6_lifetime.ia6t_vltime;
+                       timenow.tv_sec + ia->ia6_lifetime.ia6t_vltime;
         } else
                 ia->ia6_lifetime.ia6t_expire = 0;
         if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
                 ia->ia6_lifetime.ia6t_preferred =
         } else
                 ia->ia6_lifetime.ia6t_expire = 0;
         if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
                 ia->ia6_lifetime.ia6t_preferred =
-                       time_second + ia->ia6_lifetime.ia6t_pltime;
+                       timenow.tv_sec + ia->ia6_lifetime.ia6t_pltime;
         } else
                 ia->ia6_lifetime.ia6t_preferred = 0;
  
         } else
                 ia->ia6_lifetime.ia6t_preferred = 0;
  
@@ -1273,13 +1358,13 @@ in6_update_ifa(ifp, ifra, ia)
          * anyway.
          */
         if (hostIsNew)
          * anyway.
          */
         if (hostIsNew)
-               in6_unlink_ifa(ia, ifp);
+               in6_unlink_ifa(ia, ifp, 0);
         return(error);
  }
  
  void
         return(error);
  }
  
  void
-in6_purgeaddr(ifa)
-       struct ifaddr *ifa;
+in6_purgeaddr(
+       struct ifaddr *ifa, int nd6_locked)
  {
         struct ifnet *ifp = ifa->ifa_ifp;
         struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
  {
         struct ifnet *ifp = ifa->ifa_ifp;
         struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
@@ -1308,7 +1393,7 @@ in6_purgeaddr(ifa)
         }
  
         /* Remove ownaddr's loopback rtentry, if it exists. */
         }
  
         /* Remove ownaddr's loopback rtentry, if it exists. */
-       in6_ifremloop(&(ia->ia_ifa));
+       in6_ifremloop(&(ia->ia_ifa), nd6_locked);
  
         if (ifp->if_flags & IFF_MULTICAST) {
                 /*
  
         if (ifp->if_flags & IFF_MULTICAST) {
                 /*
@@ -1325,29 +1410,35 @@ in6_purgeaddr(ifa)
                         ia->ia_addr.sin6_addr.s6_addr32[3];
                 llsol.s6_addr8[12] = 0xff;
  
                         ia->ia_addr.sin6_addr.s6_addr32[3];
                 llsol.s6_addr8[12] = 0xff;
  
+               ifnet_lock_shared(ifp);
                 IN6_LOOKUP_MULTI(llsol, ifp, in6m);
                 IN6_LOOKUP_MULTI(llsol, ifp, in6m);
+               ifnet_lock_done(ifp);
                 if (in6m)
                 if (in6m)
-                       in6_delmulti(in6m);
+                       in6_delmulti(in6m, nd6_locked);
         }
  
         }
  
+       in6_unlink_ifa(ia, ifp, nd6_locked);
         in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia);
         in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia);
-       in6_unlink_ifa(ia, ifp);
  }
  
  static void
  }
  
  static void
-in6_unlink_ifa(ia, ifp)
+in6_unlink_ifa(ia, ifp, nd6_locked)
         struct in6_ifaddr *ia;
         struct ifnet *ifp;
         struct in6_ifaddr *ia;
         struct ifnet *ifp;
+       int nd6_locked;
  {
         int plen, iilen;
         struct in6_ifaddr *oia;
  {
         int plen, iilen;
         struct in6_ifaddr *oia;
-       int     s = splnet();
  
  
-       TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list);
+       ifnet_lock_exclusive(ifp);
+       if_detach_ifa(ifp, &ia->ia_ifa);
+       ifnet_lock_done(ifp);
  
  
+       if (!nd6_locked)
+               lck_mtx_lock(nd6_mutex);
         oia = ia;
         oia = ia;
-       if (oia == (ia = in6_ifaddr))
-               in6_ifaddr = ia->ia_next;
+       if (oia == (ia = in6_ifaddrs)) 
+               in6_ifaddrs = ia->ia_next;
         else {
                 while (ia->ia_next && (ia->ia_next != oia))
                         ia = ia->ia_next;
         else {
                 while (ia->ia_next && (ia->ia_next != oia))
                         ia = ia->ia_next;
@@ -1358,7 +1449,6 @@ in6_unlink_ifa(ia, ifp)
                         printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n");
                 }
         }
                         printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n");
                 }
         }
-
         if (oia->ia6_ifpr) {    /* check for safety */
                 plen = in6_mask2len(&oia->ia_prefixmask.sin6_addr, NULL);
                 iilen = (sizeof(oia->ia_prefixmask.sin6_addr) << 3) - plen;
         if (oia->ia6_ifpr) {    /* check for safety */
                 plen = in6_mask2len(&oia->ia_prefixmask.sin6_addr, NULL);
                 iilen = (sizeof(oia->ia_prefixmask.sin6_addr) << 3) - plen;
@@ -1381,36 +1471,38 @@ in6_unlink_ifa(ia, ifp)
                         oia->ia6_ndpr = NULL;
                 }
  
                         oia->ia6_ndpr = NULL;
                 }
  
-               pfxlist_onlink_check();
+               pfxlist_onlink_check(1);
         }
         }
+       if (!nd6_locked)
+               lck_mtx_unlock(nd6_mutex);
+
  
         /*
  
         /*
-        * release another refcnt for the link from in6_ifaddr.
+        * release another refcnt for the link from in6_ifaddrs.
          * Note that we should decrement the refcnt at least once for all *BSD.
          */
         ifafree(&oia->ia_ifa);
  
          * Note that we should decrement the refcnt at least once for all *BSD.
          */
         ifafree(&oia->ia_ifa);
  
-       splx(s);
  }
  
  void
  in6_purgeif(ifp)
         struct ifnet *ifp;
  {
  }
  
  void
  in6_purgeif(ifp)
         struct ifnet *ifp;
  {
-       struct ifaddr *ifa, *nifa = NULL;
+       struct in6_ifaddr *ia, *nia = NULL;
  
         if (ifp == NULL || &ifp->if_addrlist == NULL)
                 return;
         
  
         if (ifp == NULL || &ifp->if_addrlist == NULL)
                 return;
         
-       for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa)
+       lck_mtx_lock(nd6_mutex);
+       for (ia = in6_ifaddrs; ia != NULL; ia = nia)
         {
         {
-               nifa = TAILQ_NEXT(ifa, ifa_list);
-               if (ifa->ifa_addr == NULL)
+               nia = ia->ia_next;
+               if (ia->ia_ifa.ifa_ifp != ifp)
                         continue;
                         continue;
-               if (ifa->ifa_addr->sa_family != AF_INET6)
-                       continue;
-               in6_purgeaddr(ifa);
+               in6_purgeaddr(&ia->ia_ifa, 1);
         }
         }
+       lck_mtx_unlock(nd6_mutex);
  
         in6_ifdetach(ifp);
  }
  
         in6_ifdetach(ifp);
  }
@@ -1492,8 +1584,9 @@ in6_lifaddr_ioctl(so, cmd, data, ifp, p)
         case SIOCALIFADDR:
             {
                 struct in6_aliasreq ifra;
         case SIOCALIFADDR:
             {
                 struct in6_aliasreq ifra;
-               struct in6_addr *hostid = NULL;
+               struct in6_addr hostid;
                 int prefixlen;
                 int prefixlen;
+               int hostid_found = 0;
  
                 if ((iflr->flags & IFLR_PREFIX) != 0) {
                         struct sockaddr_in6 *sin6;
  
                 if ((iflr->flags & IFLR_PREFIX) != 0) {
                         struct sockaddr_in6 *sin6;
@@ -1506,7 +1599,8 @@ in6_lifaddr_ioctl(so, cmd, data, ifp, p)
                         ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0);
                         if (!ifa)
                                 return EADDRNOTAVAIL;
                         ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0);
                         if (!ifa)
                                 return EADDRNOTAVAIL;
-                       hostid = IFA_IN6(ifa);
+                       hostid = *IFA_IN6(ifa);
+                       hostid_found = 1;
  
                         /* prefixlen must be <= 64. */
                         if (64 < iflr->prefixlen)
  
                         /* prefixlen must be <= 64. */
                         if (64 < iflr->prefixlen)
@@ -1529,22 +1623,22 @@ in6_lifaddr_ioctl(so, cmd, data, ifp, p)
  
                 bcopy(&iflr->addr, &ifra.ifra_addr,
                         ((struct sockaddr *)&iflr->addr)->sa_len);
  
                 bcopy(&iflr->addr, &ifra.ifra_addr,
                         ((struct sockaddr *)&iflr->addr)->sa_len);
-               if (hostid) {
+               if (hostid_found) {
                         /* fill in hostid part */
                         ifra.ifra_addr.sin6_addr.s6_addr32[2] =
                         /* fill in hostid part */
                         ifra.ifra_addr.sin6_addr.s6_addr32[2] =
-                               hostid->s6_addr32[2];
+                               hostid.s6_addr32[2];
                         ifra.ifra_addr.sin6_addr.s6_addr32[3] =
                         ifra.ifra_addr.sin6_addr.s6_addr32[3] =
-                               hostid->s6_addr32[3];
+                               hostid.s6_addr32[3];
                 }
  
                 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) {   /*XXX*/
                         bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr,
                                 ((struct sockaddr *)&iflr->dstaddr)->sa_len);
                 }
  
                 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) {   /*XXX*/
                         bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr,
                                 ((struct sockaddr *)&iflr->dstaddr)->sa_len);
-                       if (hostid) {
+                       if (hostid_found) {
                                 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] =
                                 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] =
-                                       hostid->s6_addr32[2];
+                                       hostid.s6_addr32[2];
                                 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] =
                                 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] =
-                                       hostid->s6_addr32[3];
+                                       hostid.s6_addr32[3];
                         }
                 }
  
                         }
                 }
  
@@ -1593,6 +1687,7 @@ in6_lifaddr_ioctl(so, cmd, data, ifp, p)
                         }
                 }
  
                         }
                 }
  
+               ifnet_lock_shared(ifp);
                 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
                 {
                         if (ifa->ifa_addr->sa_family != AF_INET6)
                 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
                 {
                         if (ifa->ifa_addr->sa_family != AF_INET6)
@@ -1617,6 +1712,7 @@ in6_lifaddr_ioctl(so, cmd, data, ifp, p)
                         if (IN6_ARE_ADDR_EQUAL(&candidate, &match))
                                 break;
                 }
                         if (IN6_ARE_ADDR_EQUAL(&candidate, &match))
                                 break;
                 }
+               ifnet_lock_done(ifp);
                 if (!ifa)
                         return EADDRNOTAVAIL;
                 ia = ifa2ia6(ifa);
                 if (!ifa)
                         return EADDRNOTAVAIL;
                 ia = ifa2ia6(ifa);
@@ -1700,7 +1796,6 @@ in6_ifinit(ifp, ia, sin6, newhost)
         int newhost;
  {
         int     error = 0, plen, ifacount = 0;
         int newhost;
  {
         int     error = 0, plen, ifacount = 0;
-       int     s = splimp();
         struct ifaddr *ifa;
  
         /*
         struct ifaddr *ifa;
  
         /*
@@ -1708,6 +1803,7 @@ in6_ifinit(ifp, ia, sin6, newhost)
          * if this is its first address,
          * and to validate the address if necessary.
          */
          * if this is its first address,
          * and to validate the address if necessary.
          */
+       ifnet_lock_shared(ifp);
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr == NULL)
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr == NULL)
@@ -1716,25 +1812,17 @@ in6_ifinit(ifp, ia, sin6, newhost)
                         continue;
                 ifacount++;
         }
                         continue;
                 ifacount++;
         }
+       ifnet_lock_done(ifp);
  
         ia->ia_addr = *sin6;
  
  
         if (ifacount <= 1 && 
  
         ia->ia_addr = *sin6;
  
  
         if (ifacount <= 1 && 
-#ifdef __APPLE__
             (error = dlil_ioctl(PF_INET6, ifp, SIOCSIFADDR, (caddr_t)ia))) {
                 if (error) {
             (error = dlil_ioctl(PF_INET6, ifp, SIOCSIFADDR, (caddr_t)ia))) {
                 if (error) {
-                       splx(s);
                         return(error);
                 }
         }
                         return(error);
                 }
         }
-#else
-       ifp->if_ioctl && (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia))) {
-               splx(s);
-               return(error);
-       }
-#endif
-       splx(s);
  
         ia->ia_ifa.ifa_metric = ifp->if_metric;
  
  
         ia->ia_ifa.ifa_metric = ifp->if_metric;
  
@@ -1775,15 +1863,15 @@ in6_ifinit(ifp, ia, sin6, newhost)
   * given interface.
   */
  struct in6_multi *
   * given interface.
   */
  struct in6_multi *
-in6_addmulti(maddr6, ifp, errorp)
+in6_addmulti(maddr6, ifp, errorp, nd6_locked)
         struct in6_addr *maddr6;
         struct ifnet *ifp;
         int *errorp;
         struct in6_addr *maddr6;
         struct ifnet *ifp;
         int *errorp;
+       int nd6_locked;
  {
         struct  in6_multi *in6m;
         struct sockaddr_in6 sin6;
         struct ifmultiaddr *ifma;
  {
         struct  in6_multi *in6m;
         struct sockaddr_in6 sin6;
         struct ifmultiaddr *ifma;
-       int     s = splnet();
  
         *errorp = 0;
  
  
         *errorp = 0;
  
@@ -1798,7 +1886,6 @@ in6_addmulti(maddr6, ifp, errorp)
         sin6.sin6_addr = *maddr6;
         *errorp = if_addmulti(ifp, (struct sockaddr *)&sin6, &ifma);
         if (*errorp) {
         sin6.sin6_addr = *maddr6;
         *errorp = if_addmulti(ifp, (struct sockaddr *)&sin6, &ifma);
         if (*errorp) {
-               splx(s);
                 return 0;
         }
  
                 return 0;
         }
  
@@ -1813,7 +1900,6 @@ in6_addmulti(maddr6, ifp, errorp)
            at interrupt time?  If so, need to fix if_addmulti. XXX */
         in6m = (struct in6_multi *)_MALLOC(sizeof(*in6m), M_IPMADDR, M_NOWAIT);
         if (in6m == NULL) {
            at interrupt time?  If so, need to fix if_addmulti. XXX */
         in6m = (struct in6_multi *)_MALLOC(sizeof(*in6m), M_IPMADDR, M_NOWAIT);
         if (in6m == NULL) {
-               splx(s);
                 return (NULL);
         }
  
                 return (NULL);
         }
  
@@ -1822,14 +1908,17 @@ in6_addmulti(maddr6, ifp, errorp)
         in6m->in6m_ifp = ifp;
         in6m->in6m_ifma = ifma;
         ifma->ifma_protospec = in6m;
         in6m->in6m_ifp = ifp;
         in6m->in6m_ifma = ifma;
         ifma->ifma_protospec = in6m;
+       if (nd6_locked == 0)
+               lck_mtx_lock(nd6_mutex);
         LIST_INSERT_HEAD(&in6_multihead, in6m, in6m_entry);
         LIST_INSERT_HEAD(&in6_multihead, in6m, in6m_entry);
+       if (nd6_locked == 0)
+               lck_mtx_unlock(nd6_mutex);
  
         /*
          * Let MLD6 know that we have joined a new IP6 multicast
          * group.
          */
         mld6_start_listening(in6m);
  
         /*
          * Let MLD6 know that we have joined a new IP6 multicast
          * group.
          */
         mld6_start_listening(in6m);
-       splx(s);
         return(in6m);
  }
  
         return(in6m);
  }
  
@@ -1837,26 +1926,30 @@ in6_addmulti(maddr6, ifp, errorp)
   * Delete a multicast address record.
   */
  void
   * Delete a multicast address record.
   */
  void
-in6_delmulti(in6m)
-       struct in6_multi *in6m;
+in6_delmulti(
+       struct in6_multi *in6m, int nd6locked)
  {
         struct ifmultiaddr *ifma = in6m->in6m_ifma;
  {
         struct ifmultiaddr *ifma = in6m->in6m_ifma;
-       int     s = splnet();
  
  
-       if (ifma && ifma->ifma_refcount == 1) {
+       if (ifma && ifma->ifma_usecount == 1) {
                 /*
                  * No remaining claims to this record; let MLD6 know
                  * that we are leaving the multicast group.
                  */
                 mld6_stop_listening(in6m);
                 ifma->ifma_protospec = 0;
                 /*
                  * No remaining claims to this record; let MLD6 know
                  * that we are leaving the multicast group.
                  */
                 mld6_stop_listening(in6m);
                 ifma->ifma_protospec = 0;
+               if (nd6locked == 0)
+                       lck_mtx_lock(nd6_mutex);
                 LIST_REMOVE(in6m, in6m_entry);
                 LIST_REMOVE(in6m, in6m_entry);
+               if (nd6locked == 0)
+                       lck_mtx_unlock(nd6_mutex);
                 FREE(in6m, M_IPMADDR);
         }
         /* XXX - should be separate API for when we have an ifma? */
                 FREE(in6m, M_IPMADDR);
         }
         /* XXX - should be separate API for when we have an ifma? */
-       if (ifma)
-               if_delmultiaddr(ifma);
-       splx(s);
+       if (ifma) {
+               if_delmultiaddr(ifma, 0);
+               ifma_release(ifma);
+       }
  }
  
  /*
  }
  
  /*
@@ -1869,6 +1962,7 @@ in6ifa_ifpforlinklocal(ifp, ignoreflags)
  {
         struct ifaddr *ifa;
  
  {
         struct ifaddr *ifa;
  
+       ifnet_lock_shared(ifp);
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr == NULL)
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr == NULL)
@@ -1882,11 +1976,11 @@ in6ifa_ifpforlinklocal(ifp, ignoreflags)
                         break;
                 }
         }
                         break;
                 }
         }
+       ifnet_lock_done(ifp);
  
         return((struct in6_ifaddr *)ifa);
  }
  
  
         return((struct in6_ifaddr *)ifa);
  }
  
-
  /*
   * find the internet address corresponding to a given interface and address.
   */
  /*
   * find the internet address corresponding to a given interface and address.
   */
@@ -1897,6 +1991,7 @@ in6ifa_ifpwithaddr(ifp, addr)
  {
         struct ifaddr *ifa;
  
  {
         struct ifaddr *ifa;
  
+       ifnet_lock_shared(ifp);
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr == NULL)
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr == NULL)
@@ -1906,6 +2001,7 @@ in6ifa_ifpwithaddr(ifp, addr)
                 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
                         break;
         }
                 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
                         break;
         }
+       ifnet_lock_done(ifp);
  
         return((struct in6_ifaddr *)ifa);
  }
  
         return((struct in6_ifaddr *)ifa);
  }
@@ -1973,11 +2069,15 @@ in6_localaddr(in6)
         if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
                 return 1;
  
         if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
                 return 1;
  
-       for (ia = in6_ifaddr; ia; ia = ia->ia_next)
+       lck_mtx_lock(nd6_mutex);
+       for (ia = in6_ifaddrs; ia; ia = ia->ia_next)
                 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
                 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
-                                             &ia->ia_prefixmask.sin6_addr))
+                                             &ia->ia_prefixmask.sin6_addr)) {
+                       lck_mtx_unlock(nd6_mutex);
                         return 1;
                         return 1;
+               }
  
  
+       lck_mtx_unlock(nd6_mutex);
         return (0);
  }
  
         return (0);
  }
  
@@ -1987,18 +2087,22 @@ in6_is_addr_deprecated(sa6)
  {
         struct in6_ifaddr *ia;
  
  {
         struct in6_ifaddr *ia;
  
-       for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
+       lck_mtx_lock(nd6_mutex);
+       for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
                 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr,
                                        &sa6->sin6_addr) &&
  #if SCOPEDROUTING
                     ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id &&
  #endif
                 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr,
                                        &sa6->sin6_addr) &&
  #if SCOPEDROUTING
                     ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id &&
  #endif
-                   (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0)
+                   (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
+                       lck_mtx_unlock(nd6_mutex);
                         return(1); /* true */
                         return(1); /* true */
+               }
  
                 /* XXX: do we still have to go thru the rest of the list? */
         }
  
  
                 /* XXX: do we still have to go thru the rest of the list? */
         }
  
+       lck_mtx_unlock(nd6_mutex);
         return(0);              /* false */
  }
  
         return(0);              /* false */
  }
  
@@ -2046,7 +2150,8 @@ in6_are_prefix_equal(p1, p2, len)
  
         if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
                 return(0);
  
         if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
                 return(0);
-       if (p1->s6_addr[bytelen] >> (8 - bitlen) !=
+       if (bitlen != 0 && 
+           p1->s6_addr[bytelen] >> (8 - bitlen) !=
             p2->s6_addr[bytelen] >> (8 - bitlen))
                 return(0);
  
             p2->s6_addr[bytelen] >> (8 - bitlen))
                 return(0);
  
@@ -2081,9 +2186,9 @@ in6_prefixlen2mask(maskp, len)
   * return the best address out of the same scope
   */
  struct in6_ifaddr *
   * return the best address out of the same scope
   */
  struct in6_ifaddr *
-in6_ifawithscope(oifp, dst)
-       struct ifnet *oifp;
-       struct in6_addr *dst;
+in6_ifawithscope(
+       struct ifnet *oifp,
+       struct in6_addr *dst)
  {
         int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
         int blen = -1;
  {
         int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
         int blen = -1;
@@ -2103,8 +2208,8 @@ in6_ifawithscope(oifp, dst)
          * Comparing an interface with the outgoing interface will be done
          * only at the final stage of tiebreaking.
          */
          * Comparing an interface with the outgoing interface will be done
          * only at the final stage of tiebreaking.
          */
-       for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list))
-       {
+       ifnet_head_lock_shared();
+       TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
                 /*
                  * We can never take an address that breaks the scope zone
                  * of the destination.
                 /*
                  * We can never take an address that breaks the scope zone
                  * of the destination.
@@ -2112,6 +2217,7 @@ in6_ifawithscope(oifp, dst)
                 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst))
                         continue;
  
                 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst))
                         continue;
  
+               ifnet_lock_shared(ifp);
                 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
                 {
                         int tlen = -1, dscopecmp, bscopecmp, matchcmp;
                 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
                 {
                         int tlen = -1, dscopecmp, bscopecmp, matchcmp;
@@ -2328,12 +2434,17 @@ in6_ifawithscope(oifp, dst)
                                 goto replace; /* (9) */
  
                   replace:
                                 goto replace; /* (9) */
  
                   replace:
+                       ifaref(ifa);
+                       if (ifa_best)
+                               ifafree(&ifa_best->ia_ifa);
                         ifa_best = (struct in6_ifaddr *)ifa;
                         blen = tlen >= 0 ? tlen :
                                 in6_matchlen(IFA_IN6(ifa), dst);
                         best_scope = in6_addrscope(&ifa_best->ia_addr.sin6_addr);
                 }
                         ifa_best = (struct in6_ifaddr *)ifa;
                         blen = tlen >= 0 ? tlen :
                                 in6_matchlen(IFA_IN6(ifa), dst);
                         best_scope = in6_addrscope(&ifa_best->ia_addr.sin6_addr);
                 }
+               ifnet_lock_done(ifp);
         }
         }
+       ifnet_head_done();
  
         /* count statistics for future improvements */
         if (ifa_best == NULL)
  
         /* count statistics for future improvements */
         if (ifa_best == NULL)
@@ -2361,9 +2472,9 @@ in6_ifawithscope(oifp, dst)
   * found, return the first valid address from designated IF.
   */
  struct in6_ifaddr *
   * found, return the first valid address from designated IF.
   */
  struct in6_ifaddr *
-in6_ifawithifp(ifp, dst)
-       struct ifnet *ifp;
-       struct in6_addr *dst;
+in6_ifawithifp(
+       struct ifnet *ifp,
+       struct in6_addr *dst)
  {
         int dst_scope = in6_addrscope(dst), blen = -1, tlen;
         struct ifaddr *ifa;
  {
         int dst_scope = in6_addrscope(dst), blen = -1, tlen;
         struct ifaddr *ifa;
@@ -2378,6 +2489,7 @@ in6_ifawithifp(ifp, dst)
          * If two or more, return one which matches the dst longest.
          * If none, return one of global addresses assigned other ifs.
          */
          * If two or more, return one which matches the dst longest.
          * If none, return one of global addresses assigned other ifs.
          */
+       ifnet_lock_shared(ifp);
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr->sa_family != AF_INET6)
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr->sa_family != AF_INET6)
@@ -2410,8 +2522,10 @@ in6_ifawithifp(ifp, dst)
                                 besta = (struct in6_ifaddr *)ifa;
                 }
         }
                                 besta = (struct in6_ifaddr *)ifa;
                 }
         }
-       if (besta)
+       if (besta) {
+               ifnet_lock_done(ifp);
                 return(besta);
                 return(besta);
+       }
  
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
  
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
@@ -2428,9 +2542,11 @@ in6_ifawithifp(ifp, dst)
                                 dep[1] = (struct in6_ifaddr *)ifa;
                         continue;
                 }
                                 dep[1] = (struct in6_ifaddr *)ifa;
                         continue;
                 }
-
+               
+               ifnet_lock_done(ifp);
                 return (struct in6_ifaddr *)ifa;
         }
                 return (struct in6_ifaddr *)ifa;
         }
+       ifnet_lock_done(ifp);
  
         /* use the last-resort values, that are, deprecated addresses */
         if (dep[0])
  
         /* use the last-resort values, that are, deprecated addresses */
         if (dep[0])
@@ -2447,9 +2563,9 @@ extern int in6_init2done;
   * perform DAD when interface becomes IFF_UP.
   */
  void
   * perform DAD when interface becomes IFF_UP.
   */
  void
-in6_if_up(ifp, ifra)
-       struct ifnet *ifp;
-       struct in6_aliasreq *ifra;
+in6_if_up(
+       struct ifnet *ifp,
+       struct in6_aliasreq *ifra)
  {
         struct ifaddr *ifa;
         struct in6_ifaddr *ia;
  {
         struct ifaddr *ifa;
         struct in6_ifaddr *ia;
@@ -2464,6 +2580,7 @@ in6_if_up(ifp, ifra)
         in6_ifattach(ifp, NULL, ifra);
  
         dad_delay = 0;
         in6_ifattach(ifp, NULL, ifra);
  
         dad_delay = 0;
+       ifnet_lock_exclusive(ifp);
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr->sa_family != AF_INET6)
         TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
         {
                 if (ifa->ifa_addr->sa_family != AF_INET6)
@@ -2472,11 +2589,12 @@ in6_if_up(ifp, ifra)
                 if (ia->ia6_flags & IN6_IFF_TENTATIVE)
                         nd6_dad_start(ifa, &dad_delay);
         }
                 if (ia->ia6_flags & IN6_IFF_TENTATIVE)
                         nd6_dad_start(ifa, &dad_delay);
         }
+       ifnet_lock_done(ifp);
  }
  
  int
  }
  
  int
-in6if_do_dad(ifp)
-       struct ifnet *ifp;
+in6if_do_dad(
+       struct ifnet *ifp)
  {
         if ((ifp->if_flags & IFF_LOOPBACK) != 0)
                 return(0);
  {
         if ((ifp->if_flags & IFF_LOOPBACK) != 0)
                 return(0);
@@ -2521,12 +2639,13 @@ in6_setmaxmtu()
         unsigned long maxmtu = 0;
         struct ifnet *ifp;
  
         unsigned long maxmtu = 0;
         struct ifnet *ifp;
  
-       for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list))
-       {
+       ifnet_head_lock_shared();
+       TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
                 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
                     nd_ifinfo[ifp->if_index].linkmtu > maxmtu)
                         maxmtu =  nd_ifinfo[ifp->if_index].linkmtu;
         }
                 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
                     nd_ifinfo[ifp->if_index].linkmtu > maxmtu)
                         maxmtu =  nd_ifinfo[ifp->if_index].linkmtu;
         }
+       ifnet_head_done();
         if (maxmtu)     /* update only when maxmtu is positive */
                 in6_maxmtu = maxmtu;
  }
         if (maxmtu)     /* update only when maxmtu is positive */
                 in6_maxmtu = maxmtu;
  }