Hi everyone, I made some modifications to pfioctl for limiting the size of data transferred by a pf rule. Everything is working well. I keep some stats in pf and every 10 seconds I read them using pfioctl.
This is my code:

    case DIOCGETQUOTA: { //Added BY SADEGH SOLATI
        struct pfioc_getquota *get_quota = (struct pfioc_getquota *)addr;
        struct pf_state *state;
        struct pfioc_quota_data *p,*quota_data;
        u_int32_t nr = 0;

        quota_data=malloc(sizeof(struct pfioc_quota_data), M_TEMP, M_WAITOK);
        p = get_quota->get_quota_data;
        state = TAILQ_FIRST(&state_list);
        while (state != NULL) {
            if (state->quota>0 && state->direction==PF_IN && state->key[0]->af==AF_INET){
                quota_data->saddr = state->key[0]->addr[0].v4.s_addr; //read needed fields
                quota_data->quota=state->quota;
                quota_data->bytes[0]=state->bytes[0] - state->quota_previous_bytes[0]; //get the difference between current and last
                quota_data->bytes[1]=state->bytes[1] - state->quota_previous_bytes[1];
                //save value
                state->quota_previous_bytes[0] = state->bytes[0];
                state->quota_previous_bytes[1] = state->bytes[1];
                error = copyout(quota_data, p, sizeof(*p)); //copy filled struct to user space to address ps
                if (error)
                    goto fail;
                p++; //next struct
                nr++;
                state = TAILQ_NEXT(state, entry_list);
            } else
                state = TAILQ_NEXT(state, entry_list);
        }
        get_quota->length=nr; //specify how many states were read
        free(quota_data, M_TEMP, 0);
        break;
    }

ddb shows that the crash happens in `if (state->quota>0 && state->direction==PF_IN && state->key[0]->af==AF_INET)`. This statement was executed thousands of times without a problem. Is there anything wrong with my code? Is it possible that two concurrent calls to pfioctl lead to this crash? Thanks