Set IFF_BROADCAST and IFF_MULTICAST on vlan interfaces from the

beginning and simply refuse to attach to a parent without either
flag.

Our network stack cannot handle well IFF_BROADCAST or IFF_MULTICAST
on an interface changing on the fly.  E.g., IP will or won't assign
a broadcast address to an interface and join the all-hosts multicast
group on it depending on its IFF_BROADCAST and IFF_MULTICAST settings.
Should the flags alter later, IP will miss the change and keep using
bogus settings.  This can lead to evil things like supplying an
invalid broadcast address or trying to leave a multicast group that
hasn't been joined.  So just avoid touching the flags since an
interface was created.  This has no practical purpose.

Discussed with:	-net, glebius, oleg
MFC after:	1 week

sys/net/if_vlan.c

@@ -73,6 +73,7 @@
 
 #define VLANNAME	"vlan"
 #define	VLAN_DEF_HWIDTH	4
+#define	VLAN_IFFLAGS	(IFF_BROADCAST | IFF_MULTICAST)
 
 LIST_HEAD(ifvlanhead, ifvlan);
 
@@ -628,6 +629,7 @@ vlan_clone_create(struct if_clone *ifc, char *name, size_t len)
 	ifp->if_start = vlan_start;
 	ifp->if_ioctl = vlan_ioctl;
 	ifp->if_snd.ifq_maxlen = ifqmaxlen;
+	ifp->if_flags = VLAN_IFFLAGS;
 	ether_ifattach(ifp, eaddr);
 	/* Now undo some of the damage... */
 	ifp->if_baudrate = 0;
@@ -903,6 +905,8 @@ vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t tag)
 		return (EINVAL);
 	if (p->if_type != IFT_ETHER)
 		return (EPROTONOSUPPORT);
+	if ((p->if_flags & VLAN_IFFLAGS) != VLAN_IFFLAGS)
+		return (EPROTONOSUPPORT);
 	if (ifv->ifv_trunk)
 		return (EBUSY);
 
@@ -974,8 +978,7 @@ exists:
 	 * Copy only a selected subset of flags from the parent.
 	 * Other flags are none of our business.
 	 */
-#define VLAN_COPY_FLAGS \
-    (IFF_BROADCAST | IFF_MULTICAST | IFF_SIMPLEX | IFF_POINTOPOINT)
+#define VLAN_COPY_FLAGS (IFF_SIMPLEX)
 	ifp->if_flags &= ~VLAN_COPY_FLAGS;
 	ifp->if_flags |= p->if_flags & VLAN_COPY_FLAGS;
 #undef VLAN_COPY_FLAGS