diff options
author | rwatson <rwatson@FreeBSD.org> | 2009-06-23 20:19:09 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-06-23 20:19:09 +0000 |
commit | c9ef486fe1d7da6a2212a337eacc5ed5b40f85d9 (patch) | |
tree | 5ce1a7dad67026f119a839b3325454ebafa72c51 /sys/netinet/ip_input.c | |
parent | f75c2385c686d82292982283b5f0a9c9988beda8 (diff) | |
download | FreeBSD-src-c9ef486fe1d7da6a2212a337eacc5ed5b40f85d9.zip FreeBSD-src-c9ef486fe1d7da6a2212a337eacc5ed5b40f85d9.tar.gz |
Modify most routines returning 'struct ifaddr *' to return references
rather than pointers, requiring callers to properly dispose of those
references. The following routines now return references:
ifaddr_byindex
ifa_ifwithaddr
ifa_ifwithbroadaddr
ifa_ifwithdstaddr
ifa_ifwithnet
ifaof_ifpforaddr
ifa_ifwithroute
ifa_ifwithroute_fib
rt_getifa
rt_getifa_fib
IFP_TO_IA
ip_rtaddr
in6_ifawithifp
in6ifa_ifpforlinklocal
in6ifa_ifpwithaddr
in6_ifadd
carp_iamatch6
ip6_getdstifaddr
Remove unused macro which didn't have required referencing:
IFP_TO_IA6
This closes many small races in which changes to interface
or address lists while an ifaddr was in use could lead to use of freed
memory (etc). In a few cases, add missing if_addr_list locking
required to safely acquire references.
Because of a lack of deep copying support, we accept a race in which
an in6_ifaddr pointed to by mbuf tags and extracted with
ip6_getdstifaddr() doesn't hold a reference while in transmit. Once
we have mbuf tag deep copy support, this can be fixed.
Reviewed by: bz
Obtained from: Apple, Inc. (portions)
MFC after: 6 weeks (portions)
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r-- | sys/netinet/ip_input.c | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 8642e31..be4b084 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -622,8 +622,10 @@ passin: * enabled. */ if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr && - (!checkif || ia->ia_ifp == ifp)) + (!checkif || ia->ia_ifp == ifp)) { + ifa_ref(&ia->ia_ifa); goto ours; + } } /* * Check for broadcast addresses. @@ -641,15 +643,18 @@ passin: ia = ifatoia(ifa); if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == ip->ip_dst.s_addr) { + ifa_ref(ifa); IF_ADDR_UNLOCK(ifp); goto ours; } if (ia->ia_netbroadcast.s_addr == ip->ip_dst.s_addr) { + ifa_ref(ifa); IF_ADDR_UNLOCK(ifp); goto ours; } #ifdef BOOTP_COMPAT if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) { + ifa_ref(ifa); IF_ADDR_UNLOCK(ifp); goto ours; } @@ -742,6 +747,7 @@ ours: if (ia != NULL) { ia->ia_ifa.if_ipackets++; ia->ia_ifa.if_ibytes += m->m_pkthdr.len; + ifa_free(&ia->ia_ifa); } /* @@ -1335,8 +1341,8 @@ ipproto_unregister(u_char ipproto) } /* - * Given address of next destination (final or next hop), - * return internet address info of interface to be used to get there. + * Given address of next destination (final or next hop), return (referenced) + * internet address info of interface to be used to get there. */ struct in_ifaddr * ip_rtaddr(struct in_addr dst, u_int fibnum) @@ -1356,6 +1362,7 @@ ip_rtaddr(struct in_addr dst, u_int fibnum) return (NULL); ifa = ifatoia(sro.ro_rt->rt_ifa); + ifa_ref(&ifa->ia_ifa); RTFREE(sro.ro_rt); return (ifa); } @@ -1530,11 +1537,16 @@ ip_forward(struct mbuf *m, int srcrt) else { if (mcopy) m_freem(mcopy); + if (ia != NULL) + ifa_free(&ia->ia_ifa); return; } } - if (mcopy == NULL) + if (mcopy == NULL) { + if (ia != NULL) + ifa_free(&ia->ia_ifa); return; + } switch (error) { @@ -1592,6 +1604,8 @@ ip_forward(struct mbuf *m, int srcrt) */ if (V_ip_sendsourcequench == 0) { m_freem(mcopy); + if (ia != NULL) + ifa_free(&ia->ia_ifa); return; } else { type = ICMP_SOURCEQUENCH; @@ -1601,8 +1615,12 @@ ip_forward(struct mbuf *m, int srcrt) case EACCES: /* ipfw denied packet */ m_freem(mcopy); + if (ia != NULL) + ifa_free(&ia->ia_ifa); return; } + if (ia != NULL) + ifa_free(&ia->ia_ifa); icmp_error(mcopy, type, code, dest.s_addr, mtu); } |