[Bug 220217] deadlock on enc and pf

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 29 13:12:55 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220217

Andrey V. Elsukov <ae at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae at FreeBSD.org

--- Comment #4 from Andrey V. Elsukov <ae at FreeBSD.org> ---
(In reply to Kristof Provost from comment #3)
> I'm not quite sure how to fix this though. In fact, right now I don't
> understand how this ever works.

I think we can extend the ipsec_ctx_data structure by adding an inpcb pointer.
It will be initialized for the IPSEC_ENC_BEFORE+HHOOK_TYPE_IPSEC_OUT case, and
will be NULL for other cases. Then pass this pointer to pfil_run_hooks(). In
this case, I think, pf_test_rule() will not invoke pf_socket_lookup() due to
pd->lookup.done = 1. And for other cases pf_socket_lookup() can be called,
because we don't hold any inpcbs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
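
A userland model of the approach proposed in comment #4, added here as an illustration; it is not FreeBSD code and not a patch from the bug. All type and function names are hypothetical, and it assumes the deadlock comes from the lookup re-acquiring an inpcb lock the caller already holds, which the comment's last sentence implies.

```c
#include <stddef.h>
#include <stdio.h>

/* Userland model; every name below is hypothetical, not FreeBSD code. */
struct inpcb_model { int locked; };            /* 1 while its lock is held */
struct hook_ctx { struct inpcb_model *inp; };  /* models the proposed pointer */
struct pf_result { int lookup_done; int self_deadlock; };
static struct inpcb_model the_pcb;             /* the only PCB in this model */

/* Models a socket lookup that has to take the PCB lock itself. */
static void socket_lookup_model(struct pf_result *pd)
{
    if (the_pcb.locked) {        /* a non-recursive lock would hang here */
        pd->self_deadlock = 1;
        return;
    }
    the_pcb.locked = 1;
    pd->lookup_done = 1;
    the_pcb.locked = 0;
}

/* Models the filter hook: a caller-supplied PCB marks the lookup as done. */
static struct pf_result run_hook_model(const struct hook_ctx *ctx)
{
    struct pf_result pd = {0, 0};
    if (ctx->inp != NULL)
        pd.lookup_done = 1;      /* socket already known, no lock needed */
    if (!pd.lookup_done)
        socket_lookup_model(&pd);
    return pd;
}

/* hold_pcb: caller holds the PCB lock (the assumed output path).
 * pass_inp: caller hands its PCB to the hook instead of NULL. */
static struct pf_result call_hook(int hold_pcb, int pass_inp)
{
    struct hook_ctx ctx = { pass_inp ? &the_pcb : NULL };
    the_pcb.locked = hold_pcb;
    struct pf_result pd = run_hook_model(&ctx);
    the_pcb.locked = 0;
    return pd;
}

int main(void)
{
    printf("held, no pointer: deadlock=%d\n", call_hook(1, 0).self_deadlock);
    printf("held, pointer:    deadlock=%d\n", call_hook(1, 1).self_deadlock);
    printf("not held, NULL:   deadlock=%d\n", call_hook(0, 0).self_deadlock);
    return 0;
}
```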

