Re: Panic (in firewall while doing lots of ifconfigs)

Dmitry Pryanishnikov wrote:

Hello!

On Tue, 29 Aug 2006, Ian FREISLICH wrote:
2589 case O_IP_SRC_ME:
2590 if (is_ipv4) {
2591 struct ifnet *tif;
2592
2593 INADDR_TO_IFP(src_ip, tif);
2594 match = (tif != NULL);
2595 }

Looks like a lack of the proper locking against IP address
addition/removal. These (O_IP_SRC_ME/O_IP_DST_ME),
as well as matching of interface by IP address in the iface_match():

/* XXX lock? */
TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) {
if (ia->ifa_addr == NULL)
continue;

are worrying for these races exist since version 1.1 of the ip_fw2.c
for more than 4 years! Alas I'm not an expert in kernel locking, that's why
I don't know how to correctly lock these places.

I was surprised that I'm not seeing this on my other firewall because
it has 34* the packet rate, but now that I think about it, this is
an SMP machine and the other one with higher load is UP so locking
would be more of an issue here.

Ian

--
Ian Freislich
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"