Re: git: 6d4a140acfdf - main - pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex
- Reply: Kristof Provost : "Re: git: 6d4a140acfdf - main - pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex"
- In reply to: Kristof Provost : "git: 6d4a140acfdf - main - pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 06 Feb 2024 02:02:37 UTC
On Mon, Feb 05, 2024 at 09:19:20PM +0000, Kristof Provost wrote: K> The branch main has been updated by kp: K> K> URL: https://cgit.FreeBSD.org/src/commit/?id=6d4a140acfdf637bb559d371c583e4db478e1549 K> K> commit 6d4a140acfdf637bb559d371c583e4db478e1549 K> Author: Igor Ostapenko <pm@igoro.pro> K> AuthorDate: 2024-02-05 16:22:31 +0000 K> Commit: Kristof Provost <kp@FreeBSD.org> K> CommitDate: 2024-02-05 21:18:11 +0000 The author should be Kajetan :( I guess you were working on several reviews at a time and had name in paste buffer. :( K> pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex K> K> The redirection pool stored in r->rpool.cur is used for loadbalancing K> and cur can change whenever loadbalancing happens, which is for every K> new connection. Therefore it can't be trusted outside of pf_map_addr() K> and the r->rpool->mtx mutex. After evaluating the ruleset, loadbalancing K> decission is made in pf_map_addr() called from within pf_create_state() K> and stored in the state itself. K> K> This patch modifies BOUND_IFACE() so that it only uses the information K> already stored in the state which has been obtained in a way which K> respects the r->rpool->mtx mutex. K> K> Reviewed by: kp K> Differential Revision: https://reviews.freebsd.org/D43741 -- Gleb Smirnoff