Hi Crossbow team,
I have a question on the modifications made to dls_devnet_destroy():

int
dls_devnet_destroy(mac_handle_t mh, datalink_id_t *idp, boolean_t wait)
{
	int err;
	mac_perim_handle_t mph;

	*idp = DATALINK_INVALID_LINKID;
	err = dls_devnet_unset(mac_name(mh), idp, wait);
	if (err != 0 && err != ENOENT)
		return (err);

	mac_perim_enter_by_mh(mh, &mph);
	err = dls_link_rele_by_name(mac_name(mh));
	mac_perim_exit(mph);

	if (err != 0)
		(void) dls_devnet_set(mac_name(mh), *idp, NULL);
	return (err);
}

Once the call to dls_devnet_unset() has succeeded, is it possible for
dls_link_rele_by_name() to fail? I ask because the subsequent call to
dls_devnet_set() upon dls_link_rele_by_name() failure is problematic.
If this dls_devnet_set() call fails, the system is rendered hosed until
rebooted.

The Clearview iptun project is adding some code in dls_devnet_set() to
automatically set the zoneid of the link if it is created from within a
non-global zone, and I cannot assert that this code will always succeed.

It would be good to understand what the semantics of this function are
in all possible failure scenarios. It would be great if
dls_link_rele_by_name() couldn't fail in this case, and there should
thus be an ASSERT() that err == 0 below it. The call to
dls_devnet_set() could then be removed.

I don't know enough about what dls_link_rele_by_name() does with flows
to be able to assert that myself though. Input would be appreciated.

Thanks,
-Seb