From nobody@FreeBSD.org  Wed Mar 16 14:28:34 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6DF561065670
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 16 Mar 2011 14:28:34 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 501108FC17
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 16 Mar 2011 14:28:34 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p2GESYC0090160
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 16 Mar 2011 14:28:34 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p2GESYfl090159;
	Wed, 16 Mar 2011 14:28:34 GMT
	(envelope-from nobody)
Message-Id: <201103161428.p2GESYfl090159@red.freebsd.org>
Date: Wed, 16 Mar 2011 14:28:34 GMT
From: Steve Polyack <spolyack@collaborativefusion.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Flowtable excessively caches dest MAC addresses for outgoing UDP traffic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         155604
>Category:       kern
>Synopsis:       [flowtable] Flowtable excessively caches dest MAC addresses for outgoing traffic
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kmacy
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 16 14:30:19 UTC 2011
>Closed-Date:    Fri Feb 24 12:49:16 UTC 2012
>Last-Modified:  Fri Feb 24 12:49:16 UTC 2012
>Originator:     Steve Polyack
>Release:        8.1-RELEASE
>Organization:
Collaborative Fusion, Inc.
>Environment:
FreeBSD web00 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #1: Wed Dec  8 11:56:34 UTC 2010     root@web00:/usr/obj/usr/src/sys/WEB-1850-AMD64  amd64

>Description:
The flowtable facility added in 8.x and enabled by default can map new outgoing UDP packets to old gateway MAC addresses even after the system ARP tables have been updated.  This is particularly troubling for DNS requests on a busy server if the DNS requests must pass through a router before reaching the DNS server.  

The problem goes away after the flow expiration times, provided that you can prevent new UDP traffic that would match existing flows and prevent them from being expired.
>How-To-Repeat:
Setup a FreeBSD system to use a DNS server behind the default gateway or another router.  Now, replace the default gateway/router with something else (or simply change the MAC address on the gateway/router).  Attempt to make some DNS requests; tcpdump and you will see that the UDP DNS requests are still headed to the old MAC address of the router:

Current ARP table after the router replacement, the default gateway is 10.0.1.254, which it has the correct new MAC address for already, and the DNS server we are trying to reach is 10.0.2.80:
[spolyack@web01 ~]$ arp -an
? (10.0.1.17) at 00:0c:29:47:74:3a on em2 permanent [ethernet]
? (10.0.1.130) at 00:0c:29:47:74:26 on em0 permanent [ethernet]
? (10.0.1.254) at 00:a0:c9:00:01:01 on em0 expires in 915 seconds [ethernet]
? (10.0.0.17) at 00:0c:29:47:74:30 on em1 permanent [ethernet]
? (10.0.0.15) at 00:0c:29:47:74:30 on em1 permanent [ethernet]
? (10.0.0.11) at 00:0c:29:47:74:30 on em1 permanent [ethernet]
? (10.0.0.2) at 00:1f:a0:10:28:70 on em1 expires in 1162 seconds [ethernet]
? (10.0.0.1) at 00:1f:a0:10:28:70 on em1 expires in 943 seconds [ethernet]

tcpdump shows the DNS requests heading to the *old* router's MAC address despite the contents of the ARP table:
[spolyack@web01 ~]$ sudo tcpdump -i em0 -s 256 -vvv -e -n -ttt 'port 53'
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 256 bytes
00:00:00.000000 00:0c:29:47:74:26 > 54:75:d0:a3:7c:8c, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 64, id 55590, offset 0, flags [none], proto UDP (17), length 72)
    10.0.1.130.52419 > 10.0.2.80.53: [bad udp cksum fdc5!] 52051+ A? db-testing-lab. (44)

Checking the ARP table again still shows no matches for the old MAC address:
[spolyack@web01 ~]$ arp -an | grep 54:75:d0
[spolyack@web01 ~]$ 

Interestingly enough, new TCP connections are not affected (presumably they do not match the old UDP flows):
[spolyack@web01 ~]$ telnet 10.0.2.80 53
Trying 10.0.2.80...
Connected to 10.0.2.80.
Escape character is '^]'.
00:03:43.272134 00:0c:29:47:74:26 > 00:a0:c9:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 24383, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.130.20130 > 10.0.2.80.53: Flags [S], cksum 0x0353 (incorrect -> 0xf74d), seq 2674341615, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 60433610 ecr 0], length
.. 

tcpdumping and looking at ARP requests/responses doesn't show any traces of the old MAC address, nor does the switch connecting the server and router have any entries referencing the old router's MAC address.


Disabling the flowtable eliminates the problem completely, even on a running system that is currently experiencing the above behavior:

[spolyack@web01 ~]$ time host web00.lab00 ; sudo sysctl net.inet.flowtable.enable=0 ; time host web00.lab00
;; connection timed out; no servers could be reached

real    0m10.017s
user    0m0.000s
sys    0m0.008s

net.inet.flowtable.enable: 1 -> 0

web00.lab00 has address 10.0.1.129

real    0m0.069s
user    0m0.000s
sys    0m0.003s 
>Fix:
I'm not familiar with the flowtable code, so these are just general suggestions:
* If there is an ARP change (arp: xxx.xxx.xxx.xxx moved from <mac> to <mac> on em0), force expiration of flows in the flowtable which reference the old destination MAC
* Ensure that the flowtable is not matching new flows against existing flows too loosely.  If all of these new UDP DNS requests are coming from new source ports, and a flow is comprised of a 4-tuple of src port, src addr, dst port, and dst addr, then old flows should not be matched for new DNS requests.

>Release-Note:
>Audit-Trail:

From: Steve Polyack <spolyack@collaborativefusion.com>
To: bug-followup@FreeBSD.org, spolyack@collaborativefusion.com
Cc:  
Subject: Re: amd64/155604: Flowtable excessively caches dest MAC addresses
 for outgoing UDP traffic
Date: Wed, 16 Mar 2011 16:32:54 -0400

 I've just confirmed that this can also happen with TCP.  As long as 
 something on the freebsd system is constantly trying to form a 
 connection to the same destination address & port, the old MAC address 
 of the router is used as the destination MAC address for new connection 
 attempts.  Since the connection attempts continue to match the old 
 flows, they are never expired.  Disabling the flowtable again causes 
 things to immediately return to normal and send traffic to the correct 
 destination MAC address.
 
Responsible-Changed-From-To: freebsd-amd64->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Mar 16 21:09:22 UTC 2011 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=155604 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/155604: commit references a PR
Date: Sat, 19 Mar 2011 15:50:49 +0000 (UTC)

 Author: bz
 Date: Sat Mar 19 15:50:34 2011
 New Revision: 219775
 URL: http://svn.freebsd.org/changeset/base/219775
 
 Log:
   For now remove options FLOWTABLE from the remaining GENERIC kernel
   configurations and make it opt-in for those who want it.  LINT will
   still build it.
   
   While it may be a perfect win in some scenarios, it still troubles users
   (see PRs) in general cases.  In addition we are still allocating resources
   even if disabled by sysctl and still leak arp/nd6 entries in case of
   interface destruction.
   
   Discussed with:	qingli (2010-11-24, just never executed)
   Discussed with: juli (OCTEON1)
   PR:		kern/148018, kern/155604, kern/144917, kern/146792
   MFC after:	2 weeks
 
 Modified:
   head/sys/amd64/conf/GENERIC
   head/sys/i386/conf/GENERIC
   head/sys/ia64/conf/GENERIC
   head/sys/mips/conf/OCTEON1
 
 Modified: head/sys/amd64/conf/GENERIC
 ==============================================================================
 --- head/sys/amd64/conf/GENERIC	Sat Mar 19 14:44:24 2011	(r219774)
 +++ head/sys/amd64/conf/GENERIC	Sat Mar 19 15:50:34 2011	(r219775)
 @@ -61,7 +61,6 @@ options 	KBD_INSTALL_CDEV	# install a CD
  options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
  options 	AUDIT			# Security event auditing
  options 	MAC			# TrustedBSD MAC Framework
 -options 	FLOWTABLE		# per-cpu routing cache
  #options 	KDTRACE_FRAME		# Ensure frames are compiled in
  #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
 
 Modified: head/sys/i386/conf/GENERIC
 ==============================================================================
 --- head/sys/i386/conf/GENERIC	Sat Mar 19 14:44:24 2011	(r219774)
 +++ head/sys/i386/conf/GENERIC	Sat Mar 19 15:50:34 2011	(r219775)
 @@ -62,7 +62,6 @@ options 	KBD_INSTALL_CDEV	# install a CD
  options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
  options 	AUDIT			# Security event auditing
  options 	MAC			# TrustedBSD MAC Framework
 -options 	FLOWTABLE		# per-cpu routing cache
  #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
  
 
 Modified: head/sys/ia64/conf/GENERIC
 ==============================================================================
 --- head/sys/ia64/conf/GENERIC	Sat Mar 19 14:44:24 2011	(r219774)
 +++ head/sys/ia64/conf/GENERIC	Sat Mar 19 15:50:34 2011	(r219775)
 @@ -31,8 +31,6 @@ options 	COMPAT_FREEBSD7	# Compatible wi
  options 	DDB		# Support DDB
  options 	DEADLKRES	# Enable the deadlock resolver
  options 	FFS		# Berkeley Fast Filesystem
 -#options 	FLOWTABLE	# per-cpu routing cache (removed due to
 -				# misaligned access -- see kern/148018)
  options 	GDB		# Support remote GDB
  options 	GEOM_LABEL	# Provides labelization
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
 
 Modified: head/sys/mips/conf/OCTEON1
 ==============================================================================
 --- head/sys/mips/conf/OCTEON1	Sat Mar 19 14:44:24 2011	(r219774)
 +++ head/sys/mips/conf/OCTEON1	Sat Mar 19 15:50:34 2011	(r219775)
 @@ -73,7 +73,6 @@ options 	PRINTF_BUFR_SIZE=128	# Prevent 
  options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
  options 	AUDIT			# Security event auditing
  options 	MAC			# TrustedBSD MAC Framework
 -options 	FLOWTABLE		# per-cpu routing cache
  #options 	KDTRACE_FRAME		# Ensure frames are compiled in
  #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/155604: commit references a PR
Date: Sat,  9 Apr 2011 12:04:45 +0000 (UTC)

 Author: bz
 Date: Sat Apr  9 12:04:35 2011
 New Revision: 220486
 URL: http://svn.freebsd.org/changeset/base/220486
 
 Log:
   MFC r219775:
   
     For now remove options FLOWTABLE from the remaining GENERIC kernel
     configurations and make it opt-in for those who want it.  LINT will
     still build it.
   
     While it may be a perfect win in some scenarios, it still troubles users
     (see PRs) in general cases.  In addition we are still allocating resources
     even if disabled by sysctl and still leak arp/nd6 entries in case of
     interface destruction.
   
     Discussed with:	qingli (2010-11-24, just never executed)
     Discussed with:	juli (OCTEON1)
   PR:			kern/148018, kern/155604, kern/144917, kern/146792
 
 Modified:
   stable/8/sys/amd64/conf/GENERIC
   stable/8/sys/i386/conf/GENERIC
   stable/8/sys/ia64/conf/GENERIC
   stable/8/sys/mips/conf/OCTEON1
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/amd64/conf/GENERIC
 ==============================================================================
 --- stable/8/sys/amd64/conf/GENERIC	Sat Apr  9 11:03:04 2011	(r220485)
 +++ stable/8/sys/amd64/conf/GENERIC	Sat Apr  9 12:04:35 2011	(r220486)
 @@ -72,7 +72,6 @@ options 	KBD_INSTALL_CDEV	# install a CD
  options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
  options 	AUDIT			# Security event auditing
  options 	MAC			# TrustedBSD MAC Framework
 -options 	FLOWTABLE		# per-cpu routing cache
  #options 	KDTRACE_FRAME		# Ensure frames are compiled in
  #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
 
 Modified: stable/8/sys/i386/conf/GENERIC
 ==============================================================================
 --- stable/8/sys/i386/conf/GENERIC	Sat Apr  9 11:03:04 2011	(r220485)
 +++ stable/8/sys/i386/conf/GENERIC	Sat Apr  9 12:04:35 2011	(r220486)
 @@ -73,7 +73,6 @@ options 	KBD_INSTALL_CDEV	# install a CD
  options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
  options 	AUDIT			# Security event auditing
  options 	MAC			# TrustedBSD MAC Framework
 -options 	FLOWTABLE		# per-cpu routing cache
  #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
  
 
 Modified: stable/8/sys/ia64/conf/GENERIC
 ==============================================================================
 --- stable/8/sys/ia64/conf/GENERIC	Sat Apr  9 11:03:04 2011	(r220485)
 +++ stable/8/sys/ia64/conf/GENERIC	Sat Apr  9 12:04:35 2011	(r220486)
 @@ -31,7 +31,6 @@ options 	COMPAT_43TTY	# BSD 4.3 TTY comp
  options 	COMPAT_FREEBSD6	# Compatible with FreeBSD6
  options 	COMPAT_FREEBSD7	# Compatible with FreeBSD7
  options 	FFS		# Berkeley Fast Filesystem
 -options 	FLOWTABLE	# per-cpu routing cache
  options 	GDB		# Support remote GDB
  options 	GEOM_LABEL	# Provides labelization
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
 
 Modified: stable/8/sys/mips/conf/OCTEON1
 ==============================================================================
 --- stable/8/sys/mips/conf/OCTEON1	Sat Apr  9 11:03:04 2011	(r220485)
 +++ stable/8/sys/mips/conf/OCTEON1	Sat Apr  9 12:04:35 2011	(r220486)
 @@ -76,7 +76,6 @@ options 	PRINTF_BUFR_SIZE=128	# Prevent 
  options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
  options 	AUDIT			# Security event auditing
  options 	MAC			# TrustedBSD MAC Framework
 -options 	FLOWTABLE		# per-cpu routing cache
  #options 	KDTRACE_FRAME		# Ensure frames are compiled in
  #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
  options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Steve Polyack <spolyack@collaborativefusion.com>
Cc: bug-followup@FreeBSD.org
Subject: kern/155604: [flowtable] Flowtable excessively caches dest MAC
 addresses for outgoing traffic
Date: Mon, 17 Oct 2011 19:59:42 +0400

   Steve,
 
   looks like this bug is fixed in 8.2 and later versions of FreeBSD.
 Can I close the PR?
 
 -- 
 Totus tuus, Glebius.

From: Steve Polyack <spolyack@collaborativefusion.com>
To: Gleb Smirnoff <glebius@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/155604: [flowtable] Flowtable excessively caches dest MAC
 addresses for outgoing traffic
Date: Mon, 17 Oct 2011 12:04:35 -0400

 On 10/17/2011 11:59 AM, Gleb Smirnoff wrote:
 >    Steve,
 >
 >    looks like this bug is fixed in 8.2 and later versions of FreeBSD.
 > Can I close the PR?
 >
 IMHO, the fix is merely a workaround (disabling FLOWTABLE by default in 
 the kernel configuration).  If a user turns flowtable on, they will 
 still encounter the same problem as I described.
 
 We don't have a reason to turn the flowtable feature back on, so it 
 doesn't really affect us either way.  I'll leave it up to you as to 
 whether you want to close it or have someone take a deeper look.
 
 Thanks for checking,
 
 -- 
 http://www.intermedix.com
 Steve Polyack, System Engineer
 T: 412-422-3463 x4026
 spolyack@collaborativefusion.com
 
 The information contained in this message is confidential and may be privileged and/or protected under law. If you received this message in error, please notify us immediately by forwarding a copy to karen.collier@intermedix.com and then deleting the original message and any attachments.
 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Steve Polyack <spolyack@collaborativefusion.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/155604: [flowtable] Flowtable excessively caches dest MAC
 addresses for outgoing traffic
Date: Mon, 17 Oct 2011 21:45:56 +0400

 On Mon, Oct 17, 2011 at 12:04:35PM -0400, Steve Polyack wrote:
 S> >    looks like this bug is fixed in 8.2 and later versions of FreeBSD.
 S> > Can I close the PR?
 S> >
 S> IMHO, the fix is merely a workaround (disabling FLOWTABLE by default in 
 S> the kernel configuration).  If a user turns flowtable on, they will 
 S> still encounter the same problem as I described.
 S> 
 S> We don't have a reason to turn the flowtable feature back on, so it 
 S> doesn't really affect us either way.  I'll leave it up to you as to 
 S> whether you want to close it or have someone take a deeper look.
 
 You misunderstood me. I meant that the problem is no longer
 present with flowtable turned on. I have just tried to reproduce
 your problem on 8.2 and on head, and failed.
 
 I've found some reports in my private emails that claim that
 problem is only present only in 8.0 and 8.1. However, I haven't
 find the actual fix in commitlogs.
 
 -- 
 Totus tuus, Glebius.

From: "Steven Hartland" <killing@multiplay.co.uk>
To: <bug-followup@freebsd.org>,
	<spolyack@collaborativefusion.com>
Subject: Re: kern/155604: [flowtable] Flowtable excessively caches dest MAC addresses for outgoing traffic
Date: Sat, 22 Oct 2011 01:50:33 +0100

We've just experienced this on 8.2-RELEASE so it is still
an issue at least at that version.

In our case IP of the local subnet DNS server moved and
some 8.2 machines worked, some didn't and some worked
intermittently.

Disabling flowtable with: sysctl net.inet.flowtable.enable=0
instantly fixed the machines which where misbehaving.

    Regards
    Steve

================================================
This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. 

In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337
or return the E.mail to postmaster@multiplay.co.uk.


Can you please try out the following change:
diff --combined sys/net/flowtable.c
index fac0f59,7814e3a..0000000
--- a/sys/net/flowtable.c
+++ b/sys/net/flowtable.c
@@@ -1186,14 -1186,12 +1186,14 @@@ keycheck
        rt = __DEVOLATILE(struct rtentry *, fle->f_rt);
        lle = __DEVOLATILE(struct llentry *, fle->f_lle);
        if ((rt != NULL)
 +          && lle != NULL
            && fle->f_fhash == hash
            && flowtable_key_equal(fle, key)
            && (proto == fle->f_proto)
            && (fibnum == fle->f_fibnum)
            && (rt->rt_flags & RTF_UP)
 -          && (rt->rt_ifp != NULL)) {
 +          && (rt->rt_ifp != NULL)
 +          && (lle->la_flags & LLE_VALID)) {
                fs->ft_hits++;
                fle->f_uptime = time_uptime;
                fle->f_flags |= flags;
diff --combined sys/net/if_llatbl.c
index 8092f0f,559a174..0000000
--- a/sys/net/if_llatbl.c
+++ b/sys/net/if_llatbl.c
@@@ -122,7 -122,6 +122,7 @@@ llentry_free(struct llentry *lle
                ("%s: la_numheld %d > 0, pkts_droped %zd", __func__, 
                 lle->la_numheld, pkts_dropped));
  
 +      lle->la_flags &= ~LLE_VALID;
        LLE_FREE_LOCKED(lle);
  
        return (pkts_dropped);

Provided it fixes the issue I will commit and MFC.



Responsible-Changed-From-To: freebsd-net->kmacy 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Tue Jan 17 14:10:55 UTC 2012 
Responsible-Changed-Why:  
Over to author of flowtable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=155604 

Date: Mon, 23 Jan 2012 21:39:02 +0100
From: "K. Macy" <kmacy@freebsd.org>
Sender: kmacybsd@gmail.com
To: bug-followup@freebsd.org
Subject: Fwd: kern/155604: [flowtable] Flowtable excessively caches dest MAC
 addresses for outgoing traffic

 I have updated the PR with a simple inline patch which should correct
 the problem. If you are able to test, please do.
 
 Cheers
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=155604
State-Changed-From-To: open->feedback 
State-Changed-By: kmacy 
State-Changed-When: Mon Jan 23 17:12:01 UTC 2012 
State-Changed-Why:  
inserted patch, waiting for user feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=155604 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/155604: commit references a PR
Date: Fri, 24 Feb 2012 12:33:12 +0000 (UTC)

 Author: glebius
 Date: Fri Feb 24 12:32:50 2012
 New Revision: 232107
 URL: http://svn.freebsd.org/changeset/base/232107
 
 Log:
   Merge r230598 by kmacy from head:
   
     A flowtable entry can continue referencing an llentry indefinitely
     if the entry is repeatedly referenced within its timeout window.
     This change clears the LLE_VALID flag when an llentry is removed
     from an interface's hash table and adds an extra check to the
     flowtable code for the LLE_VALID flag in llentry to avoid retaining
     and using a stale reference.
   
     Reviewed by:    qingli@
   
   PR:		kern/155604
   Approved by:	re (kib)
 
 Modified:
   stable/8/sys/net/flowtable.c
   stable/8/sys/net/if_llatbl.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/boot/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
   stable/8/sys/dev/e1000/   (props changed)
 
 Modified: stable/8/sys/net/flowtable.c
 ==============================================================================
 --- stable/8/sys/net/flowtable.c	Fri Feb 24 12:22:29 2012	(r232106)
 +++ stable/8/sys/net/flowtable.c	Fri Feb 24 12:32:50 2012	(r232107)
 @@ -1186,12 +1186,14 @@ keycheck:	
  	rt = __DEVOLATILE(struct rtentry *, fle->f_rt);
  	lle = __DEVOLATILE(struct llentry *, fle->f_lle);
  	if ((rt != NULL)
 +	    && lle != NULL
  	    && fle->f_fhash == hash
  	    && flowtable_key_equal(fle, key)
  	    && (proto == fle->f_proto)
  	    && (fibnum == fle->f_fibnum)
  	    && (rt->rt_flags & RTF_UP)
 -	    && (rt->rt_ifp != NULL)) {
 +	    && (rt->rt_ifp != NULL)
 +	    && (lle->la_flags & LLE_VALID)) {
  		fs->ft_hits++;
  		fle->f_uptime = time_uptime;
  		fle->f_flags |= flags;
 
 Modified: stable/8/sys/net/if_llatbl.c
 ==============================================================================
 --- stable/8/sys/net/if_llatbl.c	Fri Feb 24 12:22:29 2012	(r232106)
 +++ stable/8/sys/net/if_llatbl.c	Fri Feb 24 12:32:50 2012	(r232107)
 @@ -125,6 +125,7 @@ llentry_free(struct llentry *lle)
  		("%s: la_numheld %d > 0, pkts_droped %zd", __func__, 
  		 lle->la_numheld, pkts_dropped));
  
 +	lle->la_flags &= ~LLE_VALID;
  	LLE_FREE_LOCKED(lle);
  
  	return (pkts_dropped);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: feedback->closed 
State-Changed-By: glebius 
State-Changed-When: Fri Feb 24 12:48:55 UTC 2012 
State-Changed-Why:  
Fix merged to stable/8 and stable/9. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=155604 
>Unformatted:
