Fix a race: we should update sc_len before dropping the pf lock, otherwise a
number of packets can be queued on sc, while we are in ip_output(), and then
we wipe the accumulated sc_len. On next pfsync_sendout() that would lead to
writing beyond our mbuf cluster.
glebius 2011-10-21 22:28:15 +00:00
parent 1f39d42bbd
commit 904eece235

@ -2354,6 +2354,7 @@ pfsync_sendout(void)
sc->sc_if.if_obytes += m->m_pkthdr.len;
#endif
sc->sc_len = PFSYNC_MINPKT;
#ifdef __FreeBSD__
PF_UNLOCK();
#endif
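Review bot: the sc->sc_len = PFSYNC_MINPKT; assignment that now sits directly above PF_UNLOCK() has no comment saying that its position matters. Add a one-line comment stating that sc_len must be reset while the pf lock is still held, because packets can be queued on sc during ip_output(). Otherwise a later cleanup could move the assignment back below the unlock and reintroduce the write past the mbuf cluster that the commit message describes.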
@ -2375,9 +2376,6 @@ pfsync_sendout(void)
#ifdef __FreeBSD__
}
#endif
/* start again */
sc->sc_len = PFSYNC_MINPKT;
}
void
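Review bot: dropping the tail reset and its "start again" comment after the last #ifdef __FreeBSD__ block means everything from PF_UNLOCK() to this closing brace now runs with sc_len already back at PFSYNC_MINPKT, and those lines are not part of the diff. Please confirm that nothing in that stretch reads sc_len expecting the length of the packet just sent. It may also be worth asserting, at the start of the next pfsync_sendout(), that sc_len fits in the cluster, so that a recurrence of this race fails loudly instead of writing out of bounds.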