From yar@yar.chem.msu.su  Sat Oct 21 02:21:31 2000
Return-Path: <yar@yar.chem.msu.su>
Received: from yar.chem.msu.su (yar.chem.msu.ru [195.208.208.25])
	by hub.freebsd.org (Postfix) with ESMTP id AE6A537B4C5
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 21 Oct 2000 02:21:28 -0700 (PDT)
Received: (from yar@localhost)
	by yar.chem.msu.su (8.11.0/8.11.0) id e9L9LBw00464;
	Sat, 21 Oct 2000 13:21:11 +0400 (MSD)
	(envelope-from yar)
Message-Id: <200010210921.e9L9LBw00464@yar.chem.msu.su>
Date: Sat, 21 Oct 2000 13:21:11 +0400 (MSD)
From: yar@comp.chem.msu.su
Sender: yar@yar.chem.msu.su
Reply-To: yar@comp.chem.msu.su
To: FreeBSD-gnats-submit@freebsd.org
Subject: if_delmulti() doesn't notify the interface
X-Send-Pr-Version: 3.2

>Number:         22176
>Category:       kern
>Synopsis:       if_delmulti() doesn't notify the interface
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 21 02:30:01 PDT 2000
>Closed-Date:    Sat Mar 31 03:12:03 PST 2001
>Last-Modified:  Sat Mar 31 03:12:36 PST 2001
>Originator:     Yar Tikhiy
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
Moscow State University
>Environment:

	The bug shows up in all branches.

>Description:

	The kernel if_delmulti() function is for removing multicast
	group addresses from an interface. After removing a link-layer
	address, an interface driver must be notified by calling
	its if_ioctl(), so it can rebuild hardware filters etc.

	However, if_delmulti() returns early and fails to notify
	a driver if an AF_LINK address has been removed. That
	happens because such an address usually doesn't have a
	helper ifma->ifma_addr->lladdr address (the pointer is
	null), unlike IP or other higher-level protocol multicasts.
	Notably, ether_resolvemulti() sets "*llsa" to NULL when
	invoked on an AF_LINK address.

>How-To-Repeat:

	Join an ethernet multicast group from within kernel and then
	leave it using the if_addmulti()/if_delmulti() pair of
	functions. See the interface still receiving the multicasts
	(e.g. with the "tcpdump -p" command)

	I noticed that myself when debugging an ISL VLAN driver.

>Fix:

--- net/if.c.orig	Sat Oct 21 12:38:22 2000
+++ net/if.c	Sat Oct 21 12:46:32 2000
@@ -1278,6 +1278,12 @@
 	sa = ifma->ifma_lladdr;
 	s = splimp();
 	LIST_REMOVE(ifma, ifma_link);
+	/*
+	 * Make sure the interface driver is notified
+	 * if a link layer address has been removed.
+	 */
+	if (ifma->ifma_addr->sa_family == AF_LINK && sa == 0)
+		ifp->if_ioctl(ifp, SIOCDELMULTI, 0);
 	splx(s);
 	free(ifma->ifma_addr, M_IFMADDR);
 	free(ifma, M_IFMADDR);
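
Review bot: the return value of `ifp->if_ioctl(ifp, SIOCDELMULTI, 0)` in the added `if` block is discarded, so a driver that fails to reprogram its hardware filter goes unnoticed and the caller still sees the group as left. Either propagate the error or say in the comment that it is deliberately ignored. The pointer test `sa == 0` would read more clearly as `sa == NULL`, and the comment should state why the call is limited to the case where `ifma->ifma_lladdr` is null, since the report says that is the path that returns before the driver is notified and a reader of this hunk alone cannot see that. It is also worth confirming that every driver's SIOCDELMULTI handler accepts a null data argument, as the call passes 0 there.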

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: yar 
State-Changed-When: Tue Mar 27 05:16:56 PST 2001 
State-Changed-Why:  
Fixed in -current 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22176 
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: yar 
Responsible-Changed-When: Tue Mar 27 05:28:41 PST 2001 
Responsible-Changed-Why:  
Assign the PR to myself since it's me who deals with 
the problem. 

State-Changed-From-To: analyzed->closed 
State-Changed-By: yar 
State-Changed-When: Sat Mar 31 03:12:03 PST 2001 
State-Changed-Why:  
Fixed in both branches 

>Unformatted:
