On Wed, 10 Jul 2019 23:50:23 +0100
Stuart Henderson <s...@spacehopper.org> wrote:
> On 2019/07/10 23:27, Alexandr Nedvedicky wrote:
>> Hello Stuart,
>>
>> On Wed, Jul 10, 2019 at 08:19:13PM +0100, Stuart Henderson wrote:
>> > On 2019/07/05 17:09, YASUOKA Masahiko wrote:
>> > > Hi,
>> > >
>> > > Previous diff made src-node have a reference for the kif. My
>> > > colleague pointed out that incrementing the reference count of the kif
>> > > is required.
>> > >
>> > > ok?
>> > >
>> > > Fix previous commit which made src-node have a reference for the kif.
>> > > Src-node should use the reference counter since it might live longer
>> > > than its table entry, rule or the associated states.
>> >
>> > I'm seeing crashes soon after starting network which must be related
>> > to this.
>> >
>> > I have a few rules with standard "max-src-conn-rate" options, e.g.
>> > "keep state (max-src-conn-rate 5/8 overload <BADHOSTS> flush global)"
>> > If I remove the max-src-conn-rate things are stable again.
>> >
>>
>> does patch below fix the NULL pointer dereference panic for you?
>>
>> thanks for report and
>> sorry for inconveniences
>>
>> sashan
>
> Yes, that's working OK here now, thanks for the quick response.
Thank you for find and fix.
ok yasuoka
On Wed, 10 Jul 2019 23:50:23 +0100
Stuart Henderson <s...@spacehopper.org> wrote:
> On 2019/07/10 23:27, Alexandr Nedvedicky wrote:
>> Hello Stuart,
>>
>> On Wed, Jul 10, 2019 at 08:19:13PM +0100, Stuart Henderson wrote:
>> > On 2019/07/05 17:09, YASUOKA Masahiko wrote:
>> > > Hi,
>> > >
>> > > Previous diff made src-node have a reference for the kif. My
>> > > colleague pointed out that incrementing the reference count of the kif
>> > > is required.
>> > >
>> > > ok?
>> > >
>> > > Fix previous commit which made src-node have a reference for the kif.
>> > > Src-node should use the reference counter since it might live longer
>> > > than its table entry, rule or the associated states.
>> >
>> > I'm seeing crashes soon after starting network which must be related
>> > to this.
>> >
>> > I have a few rules with standard "max-src-conn-rate" options, e.g.
>> > "keep state (max-src-conn-rate 5/8 overload <BADHOSTS> flush global)"
>> > If I remove the max-src-conn-rate things are stable again.
>> >
>>
>> does patch below fix the NULL pointer dereference panic for you?
>>
>> thanks for report and
>> sorry for inconveniences
>>
>> sashan
>
> Yes, that's working OK here now, thanks for the quick response.
>
>
>> --------8<---------------8<---------------8<------------------8<--------
>> diff --git a/sys/net/pf.c b/sys/net/pf.c
>> index 26c3d420254..9addec6d788 100644
>> --- a/sys/net/pf.c
>> +++ b/sys/net/pf.c
>> @@ -586,10 +586,12 @@ pf_insert_src_node(struct pf_src_node **sn, struct
>> pf_rule *rule,
>> }
>> (*sn)->creation = time_uptime;
>> (*sn)->rule.ptr->src_nodes++;
>> - (*sn)->kif = kif;
>> + if (kif != NULL) {
>> + (*sn)->kif = kif;
>> + pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);
>> + }
>> pf_status.scounters[SCNT_SRC_NODE_INSERT]++;
>> pf_status.src_nodes++;
>> - pfi_kif_ref(kif, PFI_KIF_REF_SRCNODE);
>> } else {
>> if (rule->max_src_states &&
>> (*sn)->states >= rule->max_src_states) {
>>
