| created | 2022-05-15T19:19:36Z |
|---|---|
| begin | 2022-05-09T14:49:55Z |
| end | 2022-05-09T19:33:46Z |
| path | src/sys |
| commits | 1 |
| date | 2022-05-09T19:33:46Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/ip_divert.c | log | diff | annotate |
| src/sys/netinet6/ip6_divert.c | log | diff | annotate | |
| message |
Protect sbappendaddr() in divert_packet() with kernel lock. With divert-packet rules pf calls directly from IP layer to protocol layer. As the former has only shared net lock, additional protection against parallel access is needed. Kernel lock is a temporary workaround until the socket layer is MP safe. discussed with kettenis@ mvs@ |
|||