cvs commit: src/sys/contrib/pf/net pf.c pfvar.h
Andrew Thompson
thompsa at freebsd.org
Sun Dec 18 19:21:38 PST 2005
On Sun, Dec 18, 2005 at 10:08:22PM +1300, Andrew Thompson wrote:
> On Wed, Jul 20, 2005 at 06:58:27PM +0000, Max Laier wrote:
> > mlaier 2005-07-20 18:58:27 UTC
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sys/contrib/pf/net pf.c pfvar.h
> > Log:
> > Prevent a race condition. As pf_send_tcp() - called for expired synproxy
> > states - has to drop the lock when calling back to ip_output(), the state
> > purge timeout might run and gc the state. This results in a rb-tree
> > inconsistency. With this change we flag expiring states while holding the
> > lock and back off if the flag is already set.
>
> This commit seems to have broken net/pfflowd in ports. It still receives
> packets from pfsync0 but nothing with action == PFSYNC_ACT_DEL.
More specifically the pfsync_delete_state() macro is broken.

pf_purge_expired_state(struct pf_state *cur)
{
    if (cur->sync_flags & PFSTATE_EXPIRING)
        return;
    cur->sync_flags |= PFSTATE_EXPIRING;
    <...>
    pfsync_delete_state(cur);

But this will not do anything since sync_flags is not non-zero, as it is
checked in the macro.

#define pfsync_delete_state(st) do { \
    if (!st->sync_flags) \
        pfsync_pack_state(PFSYNC_ACT_DEL, (st), \
            PFSYNC_FLAG_COMPRESS); \
    st->sync_flags &= ~PFSTATE_FROMSYNC; \
} while (0)

--
Andrew
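
The interaction described in this message, reduced to a user-space C model (an added example, not code from the original message or from FreeBSD). The flag bit values, the one-field struct, the counting pfsync_pack_state() stub and the purge() driver are assumptions made for illustration, and pfsync_delete_state_masked() is one hypothetical way to keep the check from tripping on PFSTATE_EXPIRING, not the project's fix.

```c
#include <stdio.h>
/* Constructed stand-ins: bit values and struct are assumptions, not pfvar.h. */
#define PFSTATE_FROMSYNC 0x01
#define PFSTATE_EXPIRING 0x02
#define PFSYNC_ACT_DEL 1
#define PFSYNC_FLAG_COMPRESS 1
struct pf_state { unsigned sync_flags; };
static int del_sent; /* number of simulated PFSYNC_ACT_DEL messages */

static void pfsync_pack_state(int action, struct pf_state *st, int flags)
{
    (void)st; (void)flags;
    del_sent += (action == PFSYNC_ACT_DEL);
}

/* Check as quoted in the message: any set bit suppresses the DEL. */
#define pfsync_delete_state(st) do { \
    if (!(st)->sync_flags) \
        pfsync_pack_state(PFSYNC_ACT_DEL, (st), PFSYNC_FLAG_COMPRESS); \
    (st)->sync_flags &= ~PFSTATE_FROMSYNC; \
} while (0)

/* Hypothetical variant: the local EXPIRING marker does not count. */
#define pfsync_delete_state_masked(st) do { \
    if (!((st)->sync_flags & ~PFSTATE_EXPIRING)) \
        pfsync_pack_state(PFSYNC_ACT_DEL, (st), PFSYNC_FLAG_COMPRESS); \
    (st)->sync_flags &= ~PFSTATE_FROMSYNC; \
} while (0)

/* Mirrors the pf_purge_expired_state() excerpt; returns DELs sent after
 * `calls` purge attempts on one state. */
static int purge(unsigned initial_flags, int masked, int calls)
{
    struct pf_state st = { initial_flags };
    del_sent = 0;
    for (int i = 0; i < calls; i++) {
        if (st.sync_flags & PFSTATE_EXPIRING)
            continue; /* back off: an earlier purge already claimed it */
        st.sync_flags |= PFSTATE_EXPIRING;
        if (masked) pfsync_delete_state_masked(&st);
        else pfsync_delete_state(&st);
    }
    return del_sent;
}

int main(void)
{
    printf("quoted check: %d DEL, masked: %d DEL\n", purge(0, 0, 1), purge(0, 1, 1));
    return 0;
}
```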