
Avoid double reference decrement when firewalls force relooping of packets
Closed, Public

Authored by eri on Jul 9 2015, 12:14 PM.

Details

Summary

When firewalls force a reloop of packets and the caller supplied a route, the reference to the route might be reduced twice, creating issues.
This is especially the scenario when a packet is looped because of an operation in the firewall but the new route lookup gives a down route.
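A minimal model of this bug class, added here as an illustration and not taken from the FreeBSD patch under review: the types, `output_model`, `send_with_route` and the exact release sequence are assumptions. It shows how a callee that drops a reference on a down route after a reloop, but leaves the pointer in the caller's route structure, lets the caller decrement the same route a second time.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified stand-ins (assumptions), not FreeBSD's rtentry/route structs. */
struct rt { int refcnt; bool up; };
struct route { struct rt *rt; };

/* Constructed lookup: returns r with one extra reference for the holder. */
static struct rt *rt_lookup(struct rt *r) { r->refcnt++; return r; }
/* Drop the reference held through ro; `clear` also forgets the pointer. */
static void ro_release(struct route *ro, bool clear)
{
    if (ro->rt != NULL)
        ro->rt->refcnt--;
    if (clear)
        ro->rt = NULL;
}

/* Output path: pass 0 ends with a firewall-forced reloop, pass 1 looks up
 * the route again in the new fib. Returns -1 if the chosen route is down. */
static int output_model(struct route *ro, struct rt *new_fib_rt, bool fixed)
{
    for (int pass = 0; pass < 2; pass++) {
        if (ro->rt == NULL)
            ro->rt = rt_lookup(new_fib_rt);
        if (!ro->rt->up) {
            ro_release(ro, fixed);  /* unfixed: stale pointer stays in ro */
            return -1;
        }
        if (pass == 0)
            ro_release(ro, true);   /* firewall changed the fib: reloop */
    }
    return 0;
}

/* Caller-supplied route; returns the down route's final refcnt (1 = table's ref only). */
static int send_with_route(struct rt *cached, struct rt *new_fib_rt, bool fixed)
{
    struct route ro = { rt_lookup(cached) };
    (void)output_model(&ro, new_fib_rt, fixed);
    ro_release(&ro, true);          /* second decrement in the unfixed case */
    return new_fib_rt->refcnt;
}

int main(void)
{
    struct rt a = { 1, true }, down = { 1, false };
    return send_with_route(&a, &down, true) == 1 ? 0 : 1;
}
```

In the unfixed case the down route ends at a count of 0 while the routing table still holds it, which is the state that later turns into a premature free.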

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

eri retitled this revision from to Avoid double reference decrement when firewalls force relooping of packets.
eri updated this object.
eri edited the test plan for this revision.
eri added a reviewer: gnn.
eri set the repository for this revision to rS FreeBSD src repository - subversion.
eri added a project: network.
eri added a subscriber: network.

It would be more visible if you take this into consideration https://reviews.freebsd.org/D3022

gnn edited edge metadata.

This is approved for the tree but I would like you to amend this review with a test that we can use to agree that this fix works.

This revision is now accepted and ready to land. (Jul 27 2015, 3:08 PM)

A test case is, for example, trying to change the fib to use when forwarding a packet by the firewall.
Also, the route needs to point to a route that is marked down for some reason... (like the interface is not in up state).
Load pf/ipfw and try changing the fib to be used with appropriate rules; this will trigger the bug.

This revision was automatically updated to reflect the committed changes.