Date: Tue, 29 Aug 2006 12:00:03 +0300 (EEST) From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> To: Ian FREISLICH <if@hetzner.co.za> Cc: freebsd-current@freebsd.org Subject: Re: Panic (in firewall while doing lots of ifconfigs) Message-ID: <20060829114401.O63269@atlantis.atlantis.dp.ua> In-Reply-To: <E1GHy6f-0002Nr-6c@hetzner.co.za> References: <E1GHy6f-0002Nr-6c@hetzner.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello!
On Tue, 29 Aug 2006, Ian FREISLICH wrote:
> 2589 case O_IP_SRC_ME:
> 2590 if (is_ipv4) {
> 2591 struct ifnet *tif;
> 2592
> 2593 INADDR_TO_IFP(src_ip, tif);
> 2594 match = (tif != NULL);
> 2595 }
Looks like a lack of the proper locking against IP address
addition/removal. These (O_IP_SRC_ME/O_IP_DST_ME),
as well as matching of interface by IP address in the iface_match():
/* XXX lock? */
TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) {
if (ia->ifa_addr == NULL)
continue;
are worrying for these races exist since version 1.1 of the ip_fw2.c
for more than 4 years! Alas I'm not an expert in kernel locking, that's why
I don't know how to correctly lock these places.
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060829114401.O63269>