OpenBSD's tcpdrop(8)
Maxim Konovalov
maxim at macomnet.ru
Mon Jan 31 05:42:56 PST 2005
On Mon, 31 Jan 2005, 13:14-0000, Robert Watson wrote:
>
> On Mon, 31 Jan 2005, Maxim Konovalov wrote:
>
> > > The locking in the 6.x version looked reasonable, although you need to
> > > check to see if the (tp) returned by tcp_drop() is NULL or not and then
> > > conditionally unlock the inpcb if it's non-NULL -- otherwise you might
> > > unlock a free'd inpcb. There doesn't seem to be much validation of the
> > > tcp_ident_mapping structure, such as validation that the address lengths,
> > > etc, are correct?
> >
> > I've updated the diff for HEAD. How does it look now? TIA!
>
> The locking needs slightly more tweaking -- note that you still need to
> unlock (inp) if (tp = intotcpcb(inp)) returns NULL, and right now that
> won't happen. The "check tp for NULL" unlock case should only occur if
> you call tcp_drop(). Perhaps something like this:
>
> INP_LOCK(inp);
> if ((tp = intotcpcb(inp)) &&
>     ((inp->inp_socket->so_options & SO_ACCEPTCONN) == 0)) {
>         tp = tcp_drop(tp, ECONNABORTED);
>         if (tp != NULL)
>                 INP_UNLOCK(inp);
> } else
>         INP_UNLOCK(inp);

I see, updated. Thanks!
--
Maxim Konovalov
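
Added example, not part of the original thread and not FreeBSD kernel code: a user-space model of the unlock rule discussed above, where a drop routine may destroy the object that owns the lock and return NULL. The names model_pcb, model_unlock, model_drop and drop_connection and the careful flag are hypothetical; the careful=0 path is a constructed contrast case that unlocks unconditionally.

```c
/* User-space model, constructed for illustration; not FreeBSD kernel code. */
#include <stdio.h>

struct model_pcb {
    int locked;      /* 1 while the model lock is held */
    int freed;       /* set when the model drop destroys the pcb */
    int bad_unlock;  /* an unlock was attempted after destruction */
};

static void model_unlock(struct model_pcb *p)
{
    if (p->freed)
        p->bad_unlock = 1;      /* would be a use-after-free in a kernel */
    else
        p->locked = 0;
}

/* Stand-in for tcp_drop(): NULL means the pcb no longer exists. */
static struct model_pcb *model_drop(struct model_pcb *p, int frees)
{
    if (!frees)
        return p;
    p->freed = 1;
    p->locked = 0;              /* the lock went away with the object */
    return NULL;
}

/* has_tcpcb=0 models intotcpcb() returning NULL; listening models
 * SO_ACCEPTCONN. careful=1 is the branch structure from the quoted reply,
 * careful=0 unlocks unconditionally after the drop (contrast case).
 * Returns 0 if clean, 1 if the lock leaked, 2 on unlock after free. */
static int drop_connection(int has_tcpcb, int listening, int frees, int careful)
{
    struct model_pcb pcb = { 1, 0, 0 }, *p = &pcb, *tp;  /* starts locked */
    if (has_tcpcb && !listening) {
        tp = model_drop(p, frees);
        if (tp != NULL || !careful)
            model_unlock(p);
    } else
        model_unlock(p);        /* skipped connection: still unlock */
    return pcb.bad_unlock ? 2 : pcb.locked;
}

int main(void)
{
    printf("careful, pcb destroyed: %d\n", drop_connection(1, 0, 1, 1));
    printf("unconditional unlock:   %d\n", drop_connection(1, 0, 1, 0));
    return 0;
}
```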