Re: IPFilter issue in -current

To: Geoff Adams <gadams+netbsd%avernus.com@localhost>
Subject: Re: IPFilter issue in -current
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Sun, 23 Dec 2012 18:22:55 +1100

The ns_bucketlen issue should be easier to track down with the help
of a DEBUG build (for ASSERT!) and the patch below. Though it seems
likely a return path for a failed insert is going to be to blame.

Darren


Index: ip_nat.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_nat.c,v
retrieving revision 2.357.2.41
diff -u -r2.357.2.41 ip_nat.c
--- ip_nat.c    25 Aug 2012 14:44:42 -0000      2.357.2.41
+++ ip_nat.c    23 Dec 2012 07:03:56 -0000
@@ -2322,6 +2322,7 @@

                bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz;
                nss = &softn->ipf_nat_stats.ns_side[0];
+               ASSERT(nss->ns_bucketlen[bkt] > 0);
                nss->ns_bucketlen[bkt]--;
                if (nss->ns_bucketlen[bkt] == 0) {
                        nss->ns_inuse--;
@@ -2329,6 +2330,7 @@

                bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz;
                nss = &softn->ipf_nat_stats.ns_side[1];
+               ASSERT(nss->ns_bucketlen[bkt] > 0);
                nss->ns_bucketlen[bkt]--;
                if (nss->ns_bucketlen[bkt] == 0) {
                        nss->ns_inuse--;
@@ -3510,9 +3512,11 @@

 /* ------------------------------------------------------------------------ */
 /* Function:    ipf_nat_hashtab_add                                         */
+/* Returns:     int - 0 == sucess, -1 == failure                            */
 /* Parameters:  softc(I) - pointer to soft context main structure           */
 /*              softn(I) - pointer to NAT context structure                 */
 /*              nat(I) - pointer to NAT structure                           */
+/* Write Lock:  ipf_nat                                                     */
 /*                                                                          */
 /* Handle the insertion of a NAT entry into the table/list.                 */
 /* ------------------------------------------------------------------------ */
@@ -4341,14 +4345,16 @@
        if (nat->nat_hnext[0])
                nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
        *nat->nat_phnext[0] = nat->nat_hnext[0];
-       nsp->ns_side[0].ns_bucketlen[nat->nat_hv[0] %
-                                    softn->ipf_nat_table_sz]--;
+       hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz;
+       ASSERT(nsp->ns_side[0].ns_bucketlen[hv0] > 0);
+       nsp->ns_side[0].ns_bucketlen[hv0]--;

        if (nat->nat_hnext[1])
                nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
        *nat->nat_phnext[1] = nat->nat_hnext[1];
-       nsp->ns_side[1].ns_bucketlen[nat->nat_hv[1] %
-                                    softn->ipf_nat_table_sz]--;
+       hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz;
+       ASSERT(nsp->ns_side[1].ns_bucketlen[hv1] > 0);
+       nsp->ns_side[1].ns_bucketlen[hv1]--;

        /*
         * Add into the NAT table in the new position

Follow-Ups:
- Re: IPFilter issue in -current
  - From: Geoff Adams

References:
- IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Christos Zoulas
- Re: IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Christos Zoulas
- Re: IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Mike Pumford
- Re: IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Geoff Adams

Prev by Date: Re: IPFilter issue in -current
Next by Date: Re: IPFilter issue in -current
Previous by Thread: Re: IPFilter issue in -current
Next by Thread: Re: IPFilter issue in -current
Indexes:

Home | Main Index | Thread Index | Old Index