* Claudio Jeker <[email protected]> [111130 04:19]:
> Can you try the following diff?
> It is scary that we never checked if the cached route is valid in
> in_pcbrtentry(). It always relied on the check in ip_output().
Seems to work fine, no crashes for 5 detachments, but the problem
wasn't 100% reproducible before, so I can't be sure.
> Index: in_pcb.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/in_pcb.c,v
> retrieving revision 1.124
> diff -u -p -r1.124 in_pcb.c
> --- in_pcb.c 6 Jul 2011 01:57:37 -0000 1.124
> +++ in_pcb.c 30 Nov 2011 00:16:20 -0000
> @@ -746,6 +746,12 @@ in_pcbrtentry(struct inpcb *inp)
>
> ro = &inp->inp_route;
>
> + /* check if route is still valid */
> + if (ro->ro_rt && (ro->ro_rt->rt_flags & RTF_UP) == 0) {
> + RTFREE(ro->ro_rt);
> + ro->ro_rt = NULL;
> + }
> +
> /*
> * No route yet, so try to acquire one.
> */
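Review bot: The comment on the new block at the top of this hunk says only "check if route is still valid", which does not tell the reader what happens next. It would help to state that a cached route without RTF_UP is released and ro->ro_rt is set to NULL so that the "No route yet, so try to acquire one" block directly below looks up a fresh route, and that in_pcbrtentry() no longer depends on the check in ip_output() for this.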
> @@ -765,6 +771,7 @@ in_pcbrtentry(struct inpcb *inp)
> ro->ro_dst.sa_len = sizeof(struct sockaddr_in6);
> ((struct sockaddr_in6 *) &ro->ro_dst)->sin6_addr =
> inp->inp_faddr6;
> + ro->ro_tableid = inp->inp_rtableid;
> rtalloc_mpath(ro, &inp->inp_laddr6.s6_addr32[0]);
> break;
> #endif /* INET6 */
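Review bot: The added `ro->ro_tableid = inp->inp_rtableid;` in the INET6 case is a separate fix from the stale-route check, and the description does not mention it. Please say so in the commit message, and confirm that the other address-family case, which is not visible in this hunk, sets ro_tableid the same way before its own route lookup, so both paths use the PCB's routing table.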
--
Alexander Polakov | plhk.ru