From owner-freebsd-current@FreeBSD.ORG  Tue Aug 29 09:21:12 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3877716A4DA
	for <freebsd-current@freebsd.org>; Tue, 29 Aug 2006 09:21:12 +0000 (UTC)
	(envelope-from if@hetzner.co.za)
Received: from hetzner.co.za (office.cpt2.your-server.co.za [196.7.147.230])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B2A3543D45
	for <freebsd-current@freebsd.org>; Tue, 29 Aug 2006 09:21:11 +0000 (GMT)
	(envelope-from if@hetzner.co.za)
Received: from localhost ([127.0.0.1] helo=ian.hetzner.africa)
	by hetzner.co.za with esmtp (Exim 4.62 (FreeBSD))
	(envelope-from <if@hetzner.co.za>)
	id 1GHzmQ-0002j9-3w; Tue, 29 Aug 2006 11:21:10 +0200
To: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
From: Ian FREISLICH <if@hetzner.co.za>
In-Reply-To: Message from Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> 
	of "Tue, 29 Aug 2006 12:00:03 +0300."
	<20060829114401.O63269@atlantis.atlantis.dp.ua> 
X-Attribution: BOFH
Date: Tue, 29 Aug 2006 11:21:10 +0200
Message-Id: <E1GHzmQ-0002j9-3w@hetzner.co.za>
Cc: freebsd-current@freebsd.org
Subject: Re: Panic (in firewall while doing lots of ifconfigs) 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2006 09:21:12 -0000

Dmitry Pryanishnikov wrote:
> 
> Hello!
> 
> On Tue, 29 Aug 2006, Ian FREISLICH wrote:
> > 2589                            case O_IP_SRC_ME:
> > 2590                                    if (is_ipv4) {
> > 2591                                            struct ifnet *tif;
> > 2592
> > 2593                                            INADDR_TO_IFP(src_ip, tif);
> > 2594                                            match = (tif != NULL);
> > 2595                                    }
> 
>     Looks like a lack of the proper locking against IP address 
> addition/removal. These (O_IP_SRC_ME/O_IP_DST_ME), 
> as well as matching of interface by IP address in the iface_match():
> 
>                  /* XXX lock? */
>                  TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) {
>                          if (ia->ifa_addr == NULL)
>                                  continue;
> 
> are worrying for these races exist since version 1.1 of the ip_fw2.c
> for more than 4 years! Alas I'm not an expert in kernel locking, that's why
> I don't know how to correctly lock these places.

I was surprised that I'm not seeing this on my other firewall because
it has 34* the packet rate, but now that I think about it, this is
an SMP machine and the other one with higher load is UP so locking
would be more of an issue here.

Ian

--
Ian Freislich