* Claudio Jeker <[email protected]> [111130 04:19]: > It is scary that we never checked if the cached route is valid in > in_pcbrtentry(). It always relied on the check in ip_output(). > > Index: in_pcb.c > =================================================================== > RCS file: /cvs/src/sys/netinet/in_pcb.c,v > retrieving revision 1.124 > diff -u -p -r1.124 in_pcb.c > --- in_pcb.c 6 Jul 2011 01:57:37 -0000 1.124 > +++ in_pcb.c 30 Nov 2011 00:16:20 -0000 > @@ -746,6 +746,12 @@ in_pcbrtentry(struct inpcb *inp) > > ro = &inp->inp_route; > > + /* check if route is still valid */ > + if (ro->ro_rt && (ro->ro_rt->rt_flags & RTF_UP) == 0) { > + RTFREE(ro->ro_rt); > + ro->ro_rt = NULL; > + } > + > /* > * No route yet, so try to acquire one. > */ > @@ -765,6 +771,7 @@ in_pcbrtentry(struct inpcb *inp) > ro->ro_dst.sa_len = sizeof(struct sockaddr_in6); > ((struct sockaddr_in6 *) &ro->ro_dst)->sin6_addr = > inp->inp_faddr6; > + ro->ro_tableid = inp->inp_rtableid; > rtalloc_mpath(ro, &inp->inp_laddr6.s6_addr32[0]); > break; > #endif /* INET6 */
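Review bot: In the first hunk (@@ -746), the new comment "check if route is still valid" says what the test does but not why in_pcbrtentry() needs it in addition to the check in ip_output(), which is the whole point of the message above. Suggest expanding the comment to say that a cached ro_rt may have lost RTF_UP since it was stored and must not be handed back to callers. Also please confirm that the "No route yet, so try to acquire one" block that follows actually runs once ro_rt has been set to NULL here, since its condition is outside the visible context.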
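Review bot: In the second hunk (@@ -765), the added "ro->ro_tableid = inp->inp_rtableid;" in the INET6 branch before rtalloc_mpath() is a separate fix from the stale-route check, and the message does not mention it. It deserves its own sentence in the commit log, or its own commit. The IPv4 branch is not part of this hunk's context, so please confirm it sets ro_tableid the same way before its lookup, so both address families search the same routing table.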
Can this go in? I haven't seen any such crashes since applying the diff.

--
Alexander Polakov | plhk.ru
