diff options
author | darrenr <darrenr@FreeBSD.org> | 2007-10-30 15:23:27 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2007-10-30 15:23:27 +0000 |
commit | e94bd5ada25b0e08188acabe9df8e8733cfea926 (patch) | |
tree | 1df015570c1a9b7994c7f033dc2725b6926c0962 /sys/contrib/ipfilter/netinet/ip_state.c | |
parent | 5d7d5a6a8a74e8bfaae42d0c4ed03cdabd86e7d9 (diff) | |
download | FreeBSD-src-e94bd5ada25b0e08188acabe9df8e8733cfea926.zip FreeBSD-src-e94bd5ada25b0e08188acabe9df8e8733cfea926.tar.gz |
Apply a few changes from ipfilter-current:
* Do not hold any locks over calls to copyin/copyout.
* Clean up some #ifdefs
* fix a possible mbuf leak when NAT fails on policy routed packets
PR: 117216
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_state.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_state.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_state.c b/sys/contrib/ipfilter/netinet/ip_state.c index cfb7974..aa9192a 100644 --- a/sys/contrib/ipfilter/netinet/ip_state.c +++ b/sys/contrib/ipfilter/netinet/ip_state.c @@ -655,10 +655,12 @@ caddr_t data; if (error != 0) return error; + READ_ENTER(&ipf_state); isn = ips.ips_next; if (isn == NULL) { isn = ips_list; if (isn == NULL) { + RWLOCK_EXIT(&ipf_state); if (ips.ips_next == NULL) return ENOENT; return 0; @@ -672,8 +674,10 @@ caddr_t data; for (is = ips_list; is; is = is->is_next) if (is == isn) break; - if (!is) + if (is == NULL) { + RWLOCK_EXIT(&ipf_state); return ESRCH; + } } ips.ips_next = isn->is_next; bcopy((char *)isn, (char *)&ips.ips_is, sizeof(ips.ips_is)); @@ -681,6 +685,7 @@ caddr_t data; if (isn->is_rule != NULL) bcopy((char *)isn->is_rule, (char *)&ips.ips_fr, sizeof(ips.ips_fr)); + RWLOCK_EXIT(&ipf_state); error = fr_outobj(data, &ips, IPFOBJ_STATESAVE); return error; } |