On 2019/07/10 23:27, Alexandr Nedvedicky wrote:
> Hello Stuart,
>
> On Wed, Jul 10, 2019 at 08:19:13PM +0100, Stuart Henderson wrote:
> > On 2019/07/05 17:09, YASUOKA Masahiko wrote:
> > > Hi,
> > >
> > > Previous diff made src-node have a reference for the kif. My
> > > colleague pointed out that incrementing the reference count of the kif
> > > is required.
> > >
> > > ok?
> > >
> > > Fix previous commit which made src-node have a reference for the kif.
> > > Src-node should use the reference counter since it might live longer
> > > than its table entry, rule or the associated states.
> >
> > I'm seeing crashes soon after starting network which must be related
> > to this.
> >
> > I have a few rules with standard "max-src-conn-rate" options, e.g.
> > "keep state (max-src-conn-rate 5/8 overload <BADHOSTS> flush global)"
> > If I remove the max-src-conn-rate things are stable again.
> >
>
> Does the patch below fix the NULL pointer dereference panic for you?
>
> Thanks for the report, and
> sorry for the inconvenience.
>
> sashan
Yes, that's working OK here now, thanks for the quick response.
> --------8<---------------8<---------------8<------------------8<--------
> diff --git a/sys/net/pf.c b/sys/net/pf.c
> index 26c3d420254..9addec6d788 100644
> --- a/sys/net/pf.c
> +++ b/sys/net/pf.c
> @@ -586,10 +586,12 @@ pf_insert_src_node(struct pf_src_node **sn, struct
> pf_rule *rule,
> }
> (*sn)->creation = time_uptime;
> (*sn)->rule.ptr->src_nodes++;
> - (*sn)->kif = kif;
> + if (kif != NULL) {
> + (*sn)->kif = kif;
> + pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);
> + }
> pf_status.scounters[SCNT_SRC_NODE_INSERT]++;
> pf_status.src_nodes++;
> - pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);
> } else {
> if (rule->max_src_states &&
> (*sn)->states >= rule->max_src_states) {
>
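Review bot: In the new `if (kif != NULL)` block in pf_insert_src_node(), the assignment `(*sn)->kif = kif;` moved inside the guard together with the reference, so when kif is NULL the field is never written in this hunk and its value depends on how the node was initialised earlier in the function, which is not shown here. Keeping the assignment unconditional and guarding only `pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);` would make the NULL case explicit. The release path for src nodes is outside this diff; it needs the matching NULL check before dropping the PFI_KIF_REF_SRCNODE reference, otherwise the same dereference can reappear at teardown. A one-line comment stating when kif can legitimately be NULL at this point would also help the next reader.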