NPF: fix the interface table initialisation on load.

sys/net/npf/npf_conf.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_conf.c,v 1.10 2016/12/26 23:05:06 christos Exp $	*/
+/*	$NetBSD: npf_conf.c,v 1.11 2017/01/03 00:58:05 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -49,7 +49,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.10 2016/12/26 23:05:06 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.11 2017/01/03 00:58:05 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -157,7 +157,7 @@ npf_config_load(npf_t *npf, npf_ruleset_t *rset, npf_tableset_t *tset,
 		npf_ifmap_flush(npf);
 		npf_conn_load(npf, conns, !flush);
 		mutex_exit(&npf->config_lock);
-		return;
+		goto done;
 	}
 
 	/*
@@ -183,6 +183,9 @@ npf_config_load(npf_t *npf, npf_ruleset_t *rset, npf_tableset_t *tset,
 
 	/* Finally, it is safe to destroy the old config. */
 	npf_config_destroy(onc);
+done:
+	/* Sync all interface address tables (can be done asynchronously). */
+	npf_ifaddr_syncall(npf);
 }
 
 /*

sys/net/npf/npf_ifaddr.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ifaddr.c,v 1.1 2017/01/02 21:49:51 rmind Exp $	*/
+/*	$NetBSD: npf_ifaddr.c,v 1.2 2017/01/03 00:58:05 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ifaddr.c,v 1.1 2017/01/02 21:49:51 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ifaddr.c,v 1.2 2017/01/03 00:58:05 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -46,20 +46,6 @@ __KERNEL_RCSID(0, "$NetBSD: npf_ifaddr.c,v 1.1 2017/01/02 21:49:51 rmind Exp $")
 
 #include "npf_impl.h"
 
-void
-npf_ifaddr_init(npf_t *npf)
-{
-	ifnet_t *ifp;
-
-	KERNEL_LOCK(1, NULL);
-	IFNET_LOCK();
-	IFNET_WRITER_FOREACH(ifp) {
-		npf_ifaddr_sync(npf, ifp);
-	}
-	IFNET_UNLOCK();
-	KERNEL_UNLOCK_ONE(NULL);
-}
-
 static npf_table_t *
 lookup_ifnet_table(npf_t *npf, ifnet_t *ifp)
 {
@@ -177,3 +163,19 @@ npf_ifaddr_flush(npf_t *npf, ifnet_t *ifp)
 	}
 	replace_ifnet_table(npf, t);
 }
+
+void
+npf_ifaddr_syncall(npf_t *npf)
+{
+	ifnet_t *ifp;
+
+	KERNEL_LOCK(1, NULL);
+	IFNET_LOCK();
+	IFNET_WRITER_FOREACH(ifp) {
+		npf_ifaddr_sync(npf, ifp);
+	}
+	IFNET_UNLOCK();
+	KERNEL_UNLOCK_ONE(NULL);
+}
+
+

sys/net/npf/npf_impl.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_impl.h,v 1.66 2017/01/02 21:49:51 rmind Exp $	*/
+/*	$NetBSD: npf_impl.h,v 1.67 2017/01/03 00:58:05 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -247,9 +247,9 @@ void		npf_ifmap_flush(npf_t *);
 u_int		npf_ifmap_getid(npf_t *, const ifnet_t *);
 const char *	npf_ifmap_getname(npf_t *, const u_int);
 
-void		npf_ifaddr_init(npf_t *);
 void		npf_ifaddr_sync(npf_t *, ifnet_t *);
 void		npf_ifaddr_flush(npf_t *, ifnet_t *);
+void		npf_ifaddr_syncall(npf_t *);
 
 /* Packet filter hooks. */
 int		npf_pfil_register(bool);

sys/net/npf/npf_os.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_os.c,v 1.4 2017/01/02 23:02:04 christos Exp $	*/
+/*	$NetBSD: npf_os.c,v 1.5 2017/01/03 00:58:05 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2009-2016 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_os.c,v 1.4 2017/01/02 23:02:04 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_os.c,v 1.5 2017/01/03 00:58:05 rmind Exp $");
 
 #ifdef _KERNEL_OPT
 #include "pf.h"
@@ -153,7 +153,6 @@ npf_init(void)
 	npf = npf_create(0, NULL, &kern_ifops);
 	npf_setkernctx(npf);
 	npf_pfil_register(true);
-	npf_ifaddr_init(npf);
 
 #ifdef _MODULE
 	devmajor_t bmajor = NODEVMAJOR, cmajor = NODEVMAJOR;
@@ -445,6 +444,12 @@ npf_pfil_register(bool init)
 		    PFIL_ALL, npf_ph_inet6);
 		KASSERT(error == 0);
 	}
+
+	/*
+	 * It is necessary to re-sync all/any interface address tables,
+	 * since we did not listen for any changes.
+	 */
+	npf_ifaddr_syncall(npf);
 	pfil_registered = true;
 out:
 	KERNEL_UNLOCK_ONE(NULL);