When an inpcb doesn't have a socket but the inpcb is passed to ipfw

in the transmit path, such as TCPS_TIMEWAIT, fail the credential extraction immediately rather than acquiring locks and looking up the inpcb on the global lists in order to reach the conclusion that the credential extraction has failed. This is more efficient, but more importantly, it avoids lock recursion on the inpcbinfo, which is no longer allowed with rwlocks. This appears to have been responsible for at least two reported panics. MFC after: 3 days Reported by: ganbold
svn path=/head/; revision=183418
2008-09-27 19:28:28 +00:00 · 2008-09-27 19:28:28 +00:00 · 47505890d6 · 2020-12-20 02:59:44 +00:00
commit 47505890d6
parent fd4cdfbf46
1 changed files with 2 additions and 1 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -1998,7 +1998,8 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
 		if (inp->inp_socket != NULL) {
 			fill_ugid_cache(inp, ugp);
 			*ugid_lookupp = 1;
-		}
+		} else
+			*ugid_lookupp = -1;
 	}
 	/*
 	 * If we have already been here and the packet has no