Hi everyone
I made some modification to the pfioctl for limiting size of data
transferred in a pf rule.
every thing is working good.
i keep some stats in pf and every 10 seconds i read them by using pfioctl.
this my code:
case DIOCGETQUOTA: { //Addeb BY SADEGH SOLATI
struct pfioc_getquota *get_quota = (struct pfioc_getquota *)addr;
struct pf_state *state;
struct pfioc_quota_data *p,*quota_data;
u_int32_t nr = 0;
quota_data=malloc(sizeof(struct pfioc_quota_data), M_TEMP, M_WAITOK);
p = get_quota->get_quota_data;
state = TAILQ_FIRST(&state_list);
while (state != NULL) {
if (state->quota>0 && state->direction==PF_IN &&
state->key[0]->af==AF_INET){
quota_data->saddr = state->key[0]->addr[0].v4.s_addr;
//read needed fields
quota_data->quota=state->quota;
quota_data->bytes[0]=state->bytes[0] -
state->quota_previous_bytes[0]; //get the diffrence between current
and last
quota_data->bytes[1]=state->bytes[1] -
state->quota_previous_bytes[1]; //saw value
state->quota_previous_bytes[0] = state->bytes[0];
state->quota_previous_bytes[1] = state->bytes[1];
error = copyout(quota_data, p, sizeof(*p)); //copy
filled struct to user space to address ps
if (error) goto fail;
p++;//next struct
nr++;
state = TAILQ_NEXT(state, entry_list);}
else state = TAILQ_NEXT(state, entry_list);
}
get_quota->length=nr; //specify how many state
was readed
free(quota_data, M_TEMP, 0);
break;
}
the ddb shows that the crash happen in
if (state->quota>0 && state->direction==PF_IN && state->key[0]->af==AF_INET)
this statement was executed thousand times without problem.
is there any thing wrong with my code??
is it possible two concurrent call to pfioctl leads to this crash?
Thanks
