A flowtable entry can continue referencing an llentry indefinitely if the entry is repeatedly

referenced within its timeout window. This change clears the LLE_VALID flag when an llentry is removed from an interface's hash table and adds an extra check to the flowtable code for the LLE_VALID flag in llentry to avoid retaining and using a stale reference. Reviewed by: qingli@ MFC after: 2 weeks
2012-01-26 20:02:40 +00:00 · 2012-01-26 20:02:40 +00:00 · 0fe48d670f
commit 0fe48d670f
parent a1ae564ebf
2 changed files with 4 additions and 1 deletions
--- a/sys/net/flowtable.c
+++ b/sys/net/flowtable.c
@ -1186,12 +1186,14 @@ flowtable_lookup(struct flowtable *ft, struct sockaddr_storage *ssa,
 	rt = __DEVOLATILE(struct rtentry *, fle->f_rt);
 	lle = __DEVOLATILE(struct llentry *, fle->f_lle);
 	if ((rt != NULL)
+	    && lle != NULL
 	    && fle->f_fhash == hash
 	    && flowtable_key_equal(fle, key)
 	    && (proto == fle->f_proto)
 	    && (fibnum == fle->f_fibnum)
 	    && (rt->rt_flags & RTF_UP)
-	    && (rt->rt_ifp != NULL)) {
+	    && (rt->rt_ifp != NULL)
+	    && (lle->la_flags & LLE_VALID)) {
 		fs->ft_hits++;
 		fle->f_uptime = time_uptime;
 		fle->f_flags |= flags;
--- a/sys/net/if_llatbl.c
+++ b/sys/net/if_llatbl.c
@ -122,6 +122,7 @@ llentry_free(struct llentry *lle)
 		("%s: la_numheld %d > 0, pkts_droped %zd", __func__, 
 		 lle->la_numheld, pkts_dropped));

+	lle->la_flags &= ~LLE_VALID;
 	LLE_FREE_LOCKED(lle);

 	return (pkts_dropped);