diff options
| author | rwatson <rwatson@FreeBSD.org> | 2008-09-27 19:28:28 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2008-09-27 19:28:28 +0000 |
| commit | ee0f3b34ddd2bf5dd382037bab99a97f89ab5b8c (patch) | |
| tree | 1ccf28f8424a304459e7a70ce0467e046f6d2d2d | |
| parent | 82b3ad7e97d673439f16f4942b00d7a5704c5c2b (diff) | |
| download | FreeBSD-src-ee0f3b34ddd2bf5dd382037bab99a97f89ab5b8c.zip FreeBSD-src-ee0f3b34ddd2bf5dd382037bab99a97f89ab5b8c.tar.gz | |
When an inpcb doesn't have a socket but the inpcb is passed to ipfw
in the transmit path, such as TCPS_TIMEWAIT, fail the credential
extraction immediately rather than acquiring locks and looking up
the inpcb on the global lists in order to reach the conclusion that
the credential extraction has failed.
This is more efficient, but more importantly, it avoids lock
recursion on the inpcbinfo, which is no longer allowed with rwlocks.
This appears to have been responsible for at least two reported
panics.
MFC after: 3 days
Reported by: ganbold
| -rw-r--r-- | sys/netinet/ip_fw2.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index f9325bd..00ab781 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -1998,7 +1998,8 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, if (inp->inp_socket != NULL) { fill_ugid_cache(inp, ugp); *ugid_lookupp = 1; - } + } else + *ugid_lookupp = -1; } /* * If we have already been here and the packet has no |
