Hello Stuart,
On Wed, Jul 10, 2019 at 08:19:13PM +0100, Stuart Henderson wrote:
> On 2019/07/05 17:09, YASUOKA Masahiko wrote:
> > Hi,
> >
> > Previous diff made src-node have a reference for the kif. My
> > colleague pointed out that incrementing the reference count of the kif
> > is required.
> >
> > ok?
> >
> > Fix previous commit which made src-node have a reference for the kif.
> > Src-node should use the reference counter since it might live longer
> > than its table entry, rule or the associated states.
>
> I'm seeing crashes soon after starting network which must be related
> to this.
>
> I have a few rules with standard "max-src-conn-rate" options, e.g.
> "keep state (max-src-conn-rate 5/8 overload <BADHOSTS> flush global)"
> If I remove the max-src-conn-rate things are stable again.
>
Does the patch below fix the NULL pointer dereference panic for you?
Thanks for the report, and sorry for the inconvenience.
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 26c3d420254..9addec6d788 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -586,10 +586,12 @@ pf_insert_src_node(struct pf_src_node **sn, struct
pf_rule *rule,
}
(*sn)->creation = time_uptime;
(*sn)->rule.ptr->src_nodes++;
- (*sn)->kif = kif;
+ if (kif != NULL) {
+ (*sn)->kif = kif;
+ pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);
+ }
pf_status.scounters[SCNT_SRC_NODE_INSERT]++;
pf_status.src_nodes++;
- pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);
} else {
if (rule->max_src_states &&
(*sn)->states >= rule->max_src_states) {
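
Review bot: in the new `if (kif != NULL)` block, `(*sn)->kif` is assigned only when kif is non-NULL, so for a NULL kif the field keeps whatever the allocation left in it, and nothing in this hunk shows the node being zeroed. Assigning `(*sn)->kif = kif;` unconditionally and keeping only `pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);` under the check would make the NULL case explicit. The release side is not part of this diff: wherever the src-node drops its PFI_KIF_REF_SRCNODE reference needs the same NULL check, otherwise the NULL dereference moves from insertion to removal. A one-line comment saying which callers can pass a NULL kif would also help the next reader.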