d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pf: Fix panic on vnet jail shutdown with synproxy

Browse Source 
When shutting down a vnet jail pf_shutdown() clears the remaining states, which
through pf_clear_states() calls pf_unlink_state().
For synproxy states pf_unlink_state() will send a TCP RST, which eventually
tries to schedule the pf swi in pf_send(). This means we can't remove the
software interrupt until after pf_shutdown().

MFC after:	1 week
This commit is contained in:
Kristof Provost 2018-07-14 09:11:32 +00:00
parent d59db438cb
commit 3e603d1ffa
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/netpfil/pf/pf_ioctl.c
View File

@ -3951,7 +3951,6 @@ pf_unload_vnet(void)
V_pf_vnet_active = 0; V_pf_vnet_active = 0;
V_pf_status.running = 0; V_pf_status.running = 0;
swi_remove(V_pf_swi_cookie);
error = dehook_pf(); error = dehook_pf();
if (error) { if (error) {
/* /*
@ -3967,6 +3966,8 @@ pf_unload_vnet(void)
shutdown_pf(); shutdown_pf();
PF_RULES_WUNLOCK(); PF_RULES_WUNLOCK();
swi_remove(V_pf_swi_cookie);
pf_unload_vnet_purge(); pf_unload_vnet_purge();
pf_normalize_cleanup(); pf_normalize_cleanup();