in_ifinit() fix for SIOCSIFADDR

Sepherosa Ziehau sepherosa at gmail.com
Sat May 24 03:27:41 PDT 2008


Hi all,

Following scenario will cause inaddr hash table contains dangling
reference to 'ia':
- ifaceX has an AF_INET ia
- SIOCSIFADDR is used to change address, and new address' hash value
is different from ia's
- in in_ifinit()
  o  ia is currently in hash bucket B1
  o  ia is removed from B1 and installed into hash table using new
address hash value, assume its new hash bucket is B2, and B1 != B2
  o  ifnet.if_ioctl fails
  o  ia is reinstalled into hash bucket B1, but without being first
removed from hash bucket B2
  o  hash bucket B2 will have a dangling reference to ia

Old code will also leave ia in the wrong hash bucket, if the rtinit()
in in_ifinit() fails, is this an intended behavior?

SIOCAIFADDR is not affected.

Please review following patch:
http://leaf.dragonflybsd.org/~sephe/in_ifaddr.diff

Best Regards,
sephe

-- 
Live Free or Die





More information about the Submit mailing list