Tue Dec 30 19:11:44 2014 UTC ()
Don't forget to destroy the mutex before freeing the nat struct on a failed
load.
XXX: pullup -7


(christos)
diff -r1.38 -r1.39 src/sys/net/npf/npf_nat.c


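--- a/src/sys/net/npf/npf_nat.c
+++ b/src/sys/net/npf/npf_nat.c
@@ -1,14 +1,14 @@
-/* $NetBSD: npf_nat.c,v 1.38 2014/12/20 16:19:43 rmind Exp $ */
+/* $NetBSD: npf_nat.c,v 1.39 2014/12/30 19:11:44 christos Exp $ */
 
 /*-
  * Copyright (c) 2014 Mindaugas Rasiukevicius <rmind at netbsd org>
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This material is based upon work partially supported by The
  * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
@@ -61,27 +61,27 @@
  *
  * Connections, translation entries and their life-cycle
  *
  * NAT module relies on connection tracking module. Each translated
  * connection has an associated translation entry (npf_nat_t), which
  * contains information used for backwards stream translation, i.e.
  * original IP address with port and translation port, allocated from
  * the port map. Each NAT entry is associated with the policy, which
  * contains translation IP address. Allocated port is returned to the
  * port map and NAT entry is destroyed when connection expires.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_nat.c,v 1.38 2014/12/20 16:19:43 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_nat.c,v 1.39 2014/12/30 19:11:44 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
 
 #include <sys/atomic.h>
 #include <sys/bitops.h>
 #include <sys/condvar.h>
 #include <sys/kmem.h>
 #include <sys/mutex.h>
 #include <sys/pool.h>
 #include <sys/proc.h>
 #include <sys/cprng.h>
 
@@ -246,26 +246,27 @@ npf_nat_newpolicy(prop_dictionary_t natd
  */
  if (!npf_ruleset_sharepm(rset, np)) {
  /* Allocate a new port map for the NAT policy. */
  pm = kmem_zalloc(PORTMAP_MEM_SIZE, KM_SLEEP);
  pm->p_refcnt = 1;
  KASSERT((uintptr_t)pm->p_bitmap == (uintptr_t)pm + sizeof(*pm));
  np->n_portmap = pm;
  } else {
  KASSERT(np->n_portmap != NULL);
  KASSERT(np->n_portmap->p_refcnt > 0);
  }
  return np;
 err:
+ mutex_destroy(&np->n_lock);
  kmem_free(np, sizeof(npf_natpolicy_t));
  return NULL;
 }
 
 int
 npf_nat_policyexport(const npf_natpolicy_t *np, prop_dictionary_t natdict)
 {
  prop_data_t d;
 
  prop_dictionary_set_int32(natdict, "type", np->n_type);
  prop_dictionary_set_uint32(natdict, "flags", np->n_flags);
 
  d = prop_data_create_data(&np->n_taddr, np->n_alen);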
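Review bot: The `err:` label in npf_nat_newpolicy now calls `mutex_destroy(&np->n_lock)` unconditionally, but the jumps to it are outside this hunk, so it cannot be seen whether every `goto err` is taken after the mutex has been initialised; a jump taken before the init would destroy a lock that was never set up. It is worth confirming that ordering in the part of the function above the hunk, or moving the lock initialisation to directly after the allocation so the label is always safe to reach. The file also includes `<sys/condvar.h>`; if the policy initialises a condvar next to the lock, the same path presumably needs the matching `cv_destroy()` before `kmem_free()`. A comment at the label such as `/* Undo the n_lock init before freeing the policy. */` would help keep the init and teardown in step.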