cvs commit: src/sys/netinet ip_output.c ip_var.h tcp_usrreq.c

Robert Watson rwatson at
Tue Nov 28 13:41:13 PST 2006

rwatson     2006-11-28 21:41:12 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/netinet          ip_output.c ip_var.h tcp_usrreq.c 
  Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact
  that so_pcb can be invalidated at any time due to an untimely reset.
  Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which
  accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which
  passes a NULL.  Modify tcp_ctloutput() to directly invoke
  ip_ctloutput_pcbinfo() and pass tcbinfo.  Hold the pcbinfo lock when
  dereferencing so_pcb and acquiring the inpcb lock in order to prevent
  the inpcb from being freed; the pcbinfo lock is then immediately
  dropped.  This is required as TCP may free the inppcb and invalidate
  so_pcb due to a reset at any time in the RELENG_6 network stack, which
  otherwise leads to a panic.
  This panic might be frequently seen on highly loaded IRC and Samba
  servers, which have long-lasting TCP connections, query socket options
  frequently, and see a significant number of reset connections.
  This change has been merged directly to RELENG_6 as the problem does
  not exist in HEAD, where the invariants for so_pcb are much stronger;
  the architectural changes in HEAD avoid the need to acquire a global
  lock in the socket option path.  This change will be merged to
  PR:             102412, 104765
  Reviewed by:    Diane Bruce <db at>
  Tested by:      Daniel Austin <daniel at kewlio dot net>,
                  Kai Gallasch <gallasch at free dot de>
  Revision    Changes    Path  +34 -1     src/sys/netinet/ip_output.c    +3 -0      src/sys/netinet/ip_var.h   +1 -1      src/sys/netinet/tcp_usrreq.c

More information about the cvs-src mailing list