diff options
| author | David Gwynne <dlg@cvs.openbsd.org> | 2022-12-16 02:05:46 +0000 |
|---|---|---|
| committer | David Gwynne <dlg@cvs.openbsd.org> | 2022-12-16 02:05:46 +0000 |
| commit | a5342d1c56ea225ea752c628beb9b6a17e4d30c7 (patch) | |
| tree | dad319c9f03a3771ae7d6f3e76f2b67044740f5d /libexec | |
| parent | 5726119b2193931f8f2a7e963ca85a012c3a7dec (diff) | |
always keep pf_state_keys attached to pf_states.
pf_state structures don't contain ip addresses, protocols, ports,
etc. that information is stored in a pf_state_key struct, which is
used to wire a state into the state table. when things like pfsync
or the pf state ioctls want to export information about a state,
particularly the addresses on it, they needs the pf_state_key struct
to read from.
before this diff the code assumed that when a state was removed
from the state tables it could throw the pf_state_key structs away
as part of that removal. this code changes it so once pf_state_insert
succeeds, a pf_state will keep its references to the pf_state_key
structs until the pf_state struct itself is being destroyed.
this allows anything that holds a reference to a pf_state to also
look at the pf_state_key structs because they're now effectively
an immutable part of the pf_state struct.
this is by far the simplest and most straightforward fix for pfsync
crashing on pf_state_key dereferences we've come up with so far.
it has been made possible by the addition of reference counts to
pf_state and pf_state_key structs, which allows us to properly
account for this adjusted lifecycle for pf_state_keys on pf_state
structs.
sashan@ and i have been kicking this diff around for a couple of
weeks now.
ok sashan@ jmatthew@
Diffstat (limited to 'libexec')
0 files changed, 0 insertions, 0 deletions