svn commit: r243941 - head/sys/netpfil/pf
Gleb Smirnoff
glebius at FreeBSD.org
Thu Dec 6 08:32:29 UTC 2012
Author: glebius
Date: Thu Dec 6 08:32:28 2012
New Revision: 243941
URL: http://svnweb.freebsd.org/changeset/base/243941
Log:
Close possible races between state deletion and sent being sent out
from pfsync:
- Call into pfsync_delete_state() holding the state lock.
- Set the state timeout to PFTM_UNLINKED after state has been moved
to the PFSYNC_S_DEL queue in pfsync.
Reported by: Ian FREISLICH <ianf cloudseed.co.za>
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Thu Dec 6 08:22:08 2012 (r243940)
+++ head/sys/netpfil/pf/pf.c Thu Dec 6 08:32:28 2012 (r243941)
@@ -1487,8 +1487,6 @@ pf_unlink_state(struct pf_state *s, u_in
return (0); /* XXXGL: undefined actually */
}
- s->timeout = PFTM_UNLINKED;
-
if (s->src.state == PF_TCPS_PROXY_DST) {
/* XXX wire key the right one? */
pf_send_tcp(NULL, s->rule.ptr, s->key[PF_SK_WIRE]->af,
@@ -1502,11 +1500,14 @@ pf_unlink_state(struct pf_state *s, u_in
LIST_REMOVE(s, entry);
pf_src_tree_remove_state(s);
- PF_HASHROW_UNLOCK(ih);
if (pfsync_delete_state_ptr != NULL)
pfsync_delete_state_ptr(s);
+ s->timeout = PFTM_UNLINKED;
+
+ PF_HASHROW_UNLOCK(ih);
+
pf_detach_state(s);
refcount_release(&s->refs);
More information about the svn-src-all
mailing list