Date: Tue, 9 Jun 2009 21:27:11 +0000 (UTC) From: Oleg Bulyzhin <oleg@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/net if_bridge.c if_ethersubr.c src/sys/netgraph ng_ipfw.c ng_ipfw.h src/sys/netinet ip_dummynet.h ip_fw.h src/sys/netinet/ipfw ip_dummynet.c ip_fw2.c ip_fw_pfil.c Message-ID: <200906092127.n59LRUJW092731@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
oleg 2009-06-09 21:27:11 UTC
FreeBSD src repository
Modified files:
sys/net if_bridge.c if_ethersubr.c
sys/netgraph ng_ipfw.c ng_ipfw.h
sys/netinet ip_dummynet.h ip_fw.h
sys/netinet/ipfw ip_dummynet.c ip_fw2.c ip_fw_pfil.c
Log:
SVN rev 193859 on 2009-06-09 21:27:11Z by oleg
Close long existed race with net.inet.ip.fw.one_pass = 0:
If packet leaves ipfw to other kernel subsystem (dummynet, netgraph, etc)
it carries pointer to matching ipfw rule. If this packet then reinjected back
to ipfw, ruleset processing starts from that rule. If rule was deleted
meanwhile, due to existed race condition panic was possible (as well as
other odd effects like parsing rules in 'reap list').
P.S. this commit changes ABI so userland ipfw related binaries should be
recompiled.
MFC after: 1 month
Tested by: Mikolaj Golub
Revision Changes Path
1.127 +11 -3 src/sys/net/if_bridge.c
1.264 +16 -13 src/sys/net/if_ethersubr.c
1.12 +2 -0 src/sys/netgraph/ng_ipfw.c
1.3 +2 -0 src/sys/netgraph/ng_ipfw.h
1.46 +6 -4 src/sys/netinet/ip_dummynet.h
1.130 +13 -9 src/sys/netinet/ip_fw.h
1.2 +2 -57 src/sys/netinet/ipfw/ip_dummynet.c
1.3 +29 -19 src/sys/netinet/ipfw/ip_fw2.c
1.2 +8 -0 src/sys/netinet/ipfw/ip_fw_pfil.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906092127.n59LRUJW092731>