Date: Mon, 19 Dec 2005 16:21:29 +1300 From: Andrew Thompson <thompsa@freebsd.org> To: freebsd-pf@freebsd.org Cc: mlaier@freebsd.org, dhartmei@freebsd.org Subject: Re: cvs commit: src/sys/contrib/pf/net pf.c pfvar.h Message-ID: <20051219032129.GA10219@heff.fud.org.nz> In-Reply-To: <20051218090822.GA8358@heff.fud.org.nz> References: <200507201858.j6KIwRNZ097685@repoman.freebsd.org> <20051218090822.GA8358@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 18, 2005 at 10:08:22PM +1300, Andrew Thompson wrote:
> On Wed, Jul 20, 2005 at 06:58:27PM +0000, Max Laier wrote:
> > mlaier 2005-07-20 18:58:27 UTC
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sys/contrib/pf/net pf.c pfvar.h
> > Log:
> > Prevent a race condition. As pf_send_tcp() - called for expired synproxy
> > states - has to drop the lock when calling back to ip_output(), the state
> > purge timeout might run and gc the state. This results in a rb-tree
> > inconsistency. With this change we flag expiring states while holding the
> > lock and back off if the flag is already set.
>
> This commit seems to have broken net/pfflowd in ports. It still recieves
> packets from pfsync0 but nothing with action == PFSYNC_ACT_DEL.
More specifically the pfsync_delete_state() macro is broken.
pf_purge_expired_state(struct pf_state *cur)
{
if (cur->sync_flags & PFSTATE_EXPIRING)
return;
cur->sync_flags |= PFSTATE_EXPIRING;
<...>
pfsync_delete_state(cur);
But this will not do anything since sync_flags is not non-zero, as it is
checked in the macro.
#define pfsync_delete_state(st) do { \
if (!st->sync_flags) \
pfsync_pack_state(PFSYNC_ACT_DEL, (st), \
PFSYNC_FLAG_COMPRESS); \
st->sync_flags &= ~PFSTATE_FROMSYNC; \
} while (0)
--
Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051219032129.GA10219>