Date: Wed, 6 Jun 2001 13:06:14 +0300
From: Ruslan Ermilov
To: Garrett Wollman
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: leaking route structures, please review

On Tue, Jun 05, 2001 at 04:18:24PM -0400, Garrett Wollman wrote:
> < said:
>
> > Hmm, and what happens if the PCB is the only holder of this route?
> > The refcnt will be 1 in this case, and the code drops the reference
> > by setting inp->inp_route.ro_rt = 0. How this route can be reused
> > (and deleted) later?
>
> That would be a bug. rtfree() must always be called before forgetting
> a reference.
>
OTOH, here is the relevant CSRG record:

D 7.22 92/07/22 17:08:47 sklower 83 82 00003/00002/00450
MRs:
COMMENTS:
if in_losing notices an RTF_DYNAMIC route, it got freed twice

# sccs sccsdiff -up -r7.21 -r7.22 in_pcb.c
SCCS/s.in_pcb.c: 7.21 vs. 7.22
--- /tmp/get.1058.7.21 Wed Jun 6 12:50:34 2001 +++ /tmp/get.1058.7.22 Wed Jun 6 12:50:34 2001 @@ -370,6 +370,7 @@ in_losing(inp) struct rt_addrinfo info; if ((rt = inp->inp_route.ro_rt)) { + inp->inp_route.ro_rt = 0; bzero((caddr_t)&info, sizeof(info)); info.rti_info[RTAX_DST] = (struct sockaddr *)&inp->inp_route.ro_dst;
@@ -380,12 +381,12 @@ in_losing(inp) (void) rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway, rt_mask(rt), rt->rt_flags, (struct rtentry **)0); - inp->inp_route.ro_rt = 0; - rtfree(rt); + else /* * A new route can be allocated * the next time output is attempted. */ + rtfree(rt); } }

I personally don't see how RTF_DYNAMIC route could affect whether to call rtfree() or not in this case.

Cheers,
-- 
Ruslan Ermilov      Oracle Developer/DBA,
ru@sunbay.com       Sunbay Software AG,
ru@FreeBSD.org      FreeBSD committer,
+380.652.512.251    Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
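
Review bot: in the `@@ -370,6 +370,7 @@` hunk, the added `inp->inp_route.ro_rt = 0;` at the top of the `if ((rt = inp->inp_route.ro_rt))` block clears the PCB's pointer before anything has released the reference it stood for, and no comment records that. From that line on, the local `rt` is the only handle on that reference, so every path out of the block has to end in `rtfree(rt)` or in a call that is documented to consume it. Please add a comment at the assignment stating that ownership moves to `rt`, so that a later edit adding an early return or a new branch does not silently leak the rtentry.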
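
Review bot: in the `@@ -380,12 +381,12 @@` hunk, moving `rtfree(rt)` under the new `else` leaves the `rtrequest(RTM_DELETE, ...)` branch with no release of the reference that came from `inp->inp_route.ro_rt`. That call is cast to `(void)` and passes `(struct rtentry **)0`, so a failed delete goes unnoticed, and nothing visible here shows RTM_DELETE dropping the caller's own reference; if it does not, the rtentry is leaked on that branch. Either keep an unconditional `rtfree(rt)` and fix the double free at the place where the extra release actually happens, or say in the comment why the delete path owns the reference. Please also brace both arms: an `else` separated from its statement by a block comment is easy to misread.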