Module Name: src
Committed By: rmind
Date: Sat Dec 20 16:19:43 UTC 2014
Modified Files:
src/sys/net/npf: npf_conn.c npf_conn.h npf_nat.c
Log Message:
NPF: set the connection flags atomically in the post-creation logic and
fix a tiny race condition window. Might fix PR/49488.
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/sys/net/npf/npf_conn.c
cvs rdiff -u -r1.7 -r1.8 src/sys/net/npf/npf_conn.h
cvs rdiff -u -r1.37 -r1.38 src/sys/net/npf/npf_nat.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_conn.c
diff -u src/sys/net/npf/npf_conn.c:1.13 src/sys/net/npf/npf_conn.c:1.14
--- src/sys/net/npf/npf_conn.c:1.13 Sun Nov 30 00:40:55 2014
+++ src/sys/net/npf/npf_conn.c Sat Dec 20 16:19:43 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_conn.c,v 1.13 2014/11/30 00:40:55 rmind Exp $ */
+/* $NetBSD: npf_conn.c,v 1.14 2014/12/20 16:19:43 rmind Exp $ */
/*-
* Copyright (c) 2014 Mindaugas Rasiukevicius <rmind at netbsd org>
@@ -99,7 +99,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conn.c,v 1.13 2014/11/30 00:40:55 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conn.c,v 1.14 2014/12/20 16:19:43 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -660,7 +660,7 @@ npf_conn_setpass(npf_conn_t *con, npf_rp
* If rproc is set, the caller transfers its reference to us,
* which will be released on npf_conn_destroy().
*/
- con->c_flags |= CONN_PASS;
+ atomic_or_uint(&con->c_flags, CONN_PASS);
con->c_rproc = rp;
}
@@ -673,7 +673,7 @@ npf_conn_release(npf_conn_t *con)
{
if ((con->c_flags & (CONN_ACTIVE | CONN_EXPIRE)) == 0) {
/* Activate: after this, connection is globally visible. */
- con->c_flags |= CONN_ACTIVE;
+ atomic_or_uint(&con->c_flags, CONN_ACTIVE);
}
KASSERT(con->c_refcnt > 0);
atomic_dec_uint(&con->c_refcnt);
Index: src/sys/net/npf/npf_conn.h
diff -u src/sys/net/npf/npf_conn.h:1.7 src/sys/net/npf/npf_conn.h:1.8
--- src/sys/net/npf/npf_conn.h:1.7 Sun Nov 30 00:40:55 2014
+++ src/sys/net/npf/npf_conn.h Sat Dec 20 16:19:43 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_conn.h,v 1.7 2014/11/30 00:40:55 rmind Exp $ */
+/* $NetBSD: npf_conn.h,v 1.8 2014/12/20 16:19:43 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -47,7 +47,7 @@ typedef struct npf_connkey npf_connkey_t
#include <sys/rbtree.h>
/*
- * See npf_conn_key() function for the description key layout.
+ * See npf_conn_conkey() function for the key layout description.
*/
#define NPF_CONN_NKEYWORDS (2 + ((sizeof(npf_addr_t) * 2) >> 2))
#define NPF_CONN_MAXKEYLEN (NPF_CONN_NKEYWORDS * sizeof(uint32_t))
Index: src/sys/net/npf/npf_nat.c
diff -u src/sys/net/npf/npf_nat.c:1.37 src/sys/net/npf/npf_nat.c:1.38
--- src/sys/net/npf/npf_nat.c:1.37 Sun Nov 30 01:37:53 2014
+++ src/sys/net/npf/npf_nat.c Sat Dec 20 16:19:43 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_nat.c,v 1.37 2014/11/30 01:37:53 rmind Exp $ */
+/* $NetBSD: npf_nat.c,v 1.38 2014/12/20 16:19:43 rmind Exp $ */
/*-
* Copyright (c) 2014 Mindaugas Rasiukevicius <rmind at netbsd org>
@@ -71,7 +71,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_nat.c,v 1.37 2014/11/30 01:37:53 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_nat.c,v 1.38 2014/12/20 16:19:43 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -914,8 +914,8 @@ npf_nat_dump(const npf_nat_t *nt)
np = nt->nt_natpolicy;
memcpy(&ip, &np->n_taddr, sizeof(ip));
- printf("\tNATP(%p): type %d flags 0x%x taddr %s tport %d\n",
- np, np->n_type, np->n_flags, inet_ntoa(ip), np->n_tport);
+ printf("\tNATP(%p): type %d flags 0x%x taddr %s tport %d\n", np,
+ np->n_type, np->n_flags, inet_ntoa(ip), ntohs(np->n_tport));
memcpy(&ip, &nt->nt_oaddr, sizeof(ip));
printf("\tNAT: original address %s oport %d tport %d\n",
inet_ntoa(ip), ntohs(nt->nt_oport), ntohs(nt->nt_tport));
