cvs commit: src/sys/netinet ip_output.c ip_var.h tcp_usrreq.c

Robert Watson rwatson at
Tue Nov 28 15:19:19 PST 2006

rwatson     2006-11-28 23:19:18 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6_2)
    sys/netinet          ip_output.c ip_var.h tcp_usrreq.c 
  Merge ip_output.c:, ip_var.h:, tcp_usrreq.c:
  from RELENG_6 to RELENG_6_2:
    Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact
    that so_pcb can be invalidated at any time due to an untimely reset.
    Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which
    accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which
    passes a NULL.  Modify tcp_ctloutput() to directly invoke
    ip_ctloutput_pcbinfo() and pass tcbinfo.  Hold the pcbinfo lock when
    dereferencing so_pcb and acquiring the inpcb lock in order to prevent
    the inpcb from being freed; the pcbinfo lock is then immediately
    dropped.  This is required as TCP may free the inppcb and invalidate
    so_pcb due to a reset at any time in the RELENG_6 network stack, which
    otherwise leads to a panic.
    This panic might be frequently seen on highly loaded IRC and Samba
    servers, which have long-lasting TCP connections, query socket options
    frequently, and see a significant number of reset connections.
    This change has been merged directly to RELENG_6 as the problem does
    not exist in HEAD, where the invariants for so_pcb are much stronger;
    the architectural changes in HEAD avoid the need to acquire a global
    lock in the socket option path.  This change will be merged to
    PR:             102412, 104765
    Reviewed by:    Diane Bruce <db at>
    Tested by:      Daniel Austin <daniel at kewlio dot net>,
                    Kai Gallasch <gallasch at free dot de>
  Approved by:    re (kensmith)
  Revision        Changes    Path  +34 -1     src/sys/netinet/ip_output.c        +3 -0      src/sys/netinet/ip_var.h   +1 -1      src/sys/netinet/tcp_usrreq.c

More information about the cvs-src mailing list