HomeFreeBSD
Diffusion FreeBSD src repository 58a26743145a

pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx…
58a26743145a
Actions

Description

pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex

The redirection pool stored in r->rpool.cur is used for loadbalancing
and cur can change whenever loadbalancing happens, which is for every
new connection. Therefore it can't be trusted outside of pf_map_addr()
and the r->rpool->mtx mutex. After evaluating the ruleset, loadbalancing
decission is made in pf_map_addr() called from within pf_create_state()
and stored in the state itself.

This patch modifies BOUND_IFACE() so that it only uses the information
already stored in the state which has been obtained in a way which
respects the r->rpool->mtx mutex.

Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D43741

Details

Provenance
vegeta_tuxpowered.netAuthored on Feb 5 2024, 4:22 PM
kpCommitted on Feb 6 2024, 4:24 PM
Reviewer
kp
Differential Revision
D43741: pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex
Parents
rG8a16fd431d83: Revert "pf: Ensure that st->kif is obtained in a way which respects the r…
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
netpfil/
pf/

rG58a26743145a

View Options

sys/netpfil/pf/pf.c

Loading...