Date: Mon, 19 Dec 2005 16:21:29 +1300 From: Andrew Thompson <thompsa@freebsd.org> To: freebsd-pf@freebsd.org Cc: mlaier@freebsd.org, dhartmei@freebsd.org Subject: Re: cvs commit: src/sys/contrib/pf/net pf.c pfvar.h Message-ID: <20051219032129.GA10219@heff.fud.org.nz> In-Reply-To: <20051218090822.GA8358@heff.fud.org.nz> References: <200507201858.j6KIwRNZ097685@repoman.freebsd.org> <20051218090822.GA8358@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 18, 2005 at 10:08:22PM +1300, Andrew Thompson wrote: > On Wed, Jul 20, 2005 at 06:58:27PM +0000, Max Laier wrote: > > mlaier 2005-07-20 18:58:27 UTC > > > > FreeBSD src repository > > > > Modified files: > > sys/contrib/pf/net pf.c pfvar.h > > Log: > > Prevent a race condition. As pf_send_tcp() - called for expired synproxy > > states - has to drop the lock when calling back to ip_output(), the state > > purge timeout might run and gc the state. This results in a rb-tree > > inconsistency. With this change we flag expiring states while holding the > > lock and back off if the flag is already set. > > This commit seems to have broken net/pfflowd in ports. It still recieves > packets from pfsync0 but nothing with action == PFSYNC_ACT_DEL. More specifically the pfsync_delete_state() macro is broken. pf_purge_expired_state(struct pf_state *cur) { if (cur->sync_flags & PFSTATE_EXPIRING) return; cur->sync_flags |= PFSTATE_EXPIRING; <...> pfsync_delete_state(cur); But this will not do anything since sync_flags is not non-zero, as it is checked in the macro. #define pfsync_delete_state(st) do { \ if (!st->sync_flags) \ pfsync_pack_state(PFSYNC_ACT_DEL, (st), \ PFSYNC_FLAG_COMPRESS); \ st->sync_flags &= ~PFSTATE_FROMSYNC; \ } while (0) -- Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051219032129.GA10219>