Date: Tue, 17 Oct 2017 11:05:36 -0400
From: Ryan Stone <rysto32@gmail.com>
To: freebsd-net <freebsd-net@freebsd.org>
Subject: Should RO_RTFREE() also free the cached lle entry?
Message-ID: <CAFMmRNz6E1MMYv7sq=aRBqN8uDxjWvn=7Rc8ZtBHkA1rvRhRKg@mail.gmail.com>

About a year back we brought lle (the ARP/NDP entry) caching back into the network stack. As near as I can tell, the Ethernet layer will take a reference on the lle and place a pointer to it in the ro_lle field in the struct route passed down from the upper layer. The upper layer is expected to do something sensible with the lle.

This appears to have introduced bugs in code that doesn't perform route caching. For example, ip_forward() passes a struct route down to ip_output(), but never checks if it needs to free an lle. Similarly, if ip_output() is passed NULL for the route, it substitutes a locally allocated one, and again does nothing with the lle. I believe that this means that these code paths now leak a reference on the lle.

Both paths do call RO_RTFREE() on the struct route when they are done with it. I am wondering if the easiest path forward is to have that macro also release the reference on the cached lle. Otherwise fixing this is going to require a very invasive change that fixes any caller that ultimately might call into ether_output().
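
The following is an added example, not part of the original message and not FreeBSD source: a small user-space model of the reference counting the message describes, comparing a release that drops only the route reference with one that also drops the cached lle reference. All `*_model` names and struct layouts are hypothetical simplifications.

```c
/* Toy model of the leak described in the message; not FreeBSD source.
 * Every *_model name and struct layout is a simplified assumption. */
#include <stdio.h>

struct lle_model { int refcnt; };   /* stands in for an ARP/NDP entry */
struct rt_model  { int refcnt; };   /* stands in for a routing entry */
struct route_model {                /* stands in for struct route */
    struct rt_model  *ro_rt;
    struct lle_model *ro_lle;
};

/* Link layer: cache the resolved entry in the caller's route, taking a ref. */
static void ether_output_model(struct route_model *ro, struct lle_model *lle) {
    if (ro->ro_lle == NULL) { lle->refcnt++; ro->ro_lle = lle; }
}

/* Release as the message describes it today: only the route reference. */
static void ro_rtfree_model(struct route_model *ro) {
    if (ro->ro_rt != NULL) { ro->ro_rt->refcnt--; ro->ro_rt = NULL; }
}

/* Release as proposed: also drop the cached lle reference. */
static void ro_rtfree_lle_model(struct route_model *ro) {
    ro_rtfree_model(ro);
    if (ro->ro_lle != NULL) { ro->ro_lle->refcnt--; ro->ro_lle = NULL; }
}

/* Non-caching caller: fresh stack route per packet, send, release.
 * Returns how many lle references are left behind after n packets. */
static int forward_packets_model(int n, void (*release)(struct route_model *)) {
    struct lle_model lle = { 1 };   /* the neighbour table's own reference */
    struct rt_model  rt  = { 1 };
    for (int i = 0; i < n; i++) {
        struct route_model ro = { &rt, NULL };
        rt.refcnt++;                /* route lookup takes a reference */
        ether_output_model(&ro, &lle);
        release(&ro);
    }
    return lle.refcnt - 1;
}

int main(void)
{
    printf("leaked, route-only release: %d\n", forward_packets_model(1000, ro_rtfree_model));
    printf("leaked, route+lle release:  %d\n", forward_packets_model(1000, ro_rtfree_lle_model));
    return 0;
}
```

In the model, each packet sent through the route-only release path leaves one lle reference behind, so the entry can never reach a zero count and be freed.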