Hi all,

The following scenario will cause the inaddr hash table to contain a dangling reference to 'ia':
- ifaceX has an AF_INET ia
- SIOCSIFADDR is used to change the address, and the new address' hash value is different from ia's
- in in_ifinit()
  o ia is currently in hash bucket B1
  o ia is removed from B1 and installed into the hash table using the new address hash value; assume its new hash bucket is B2, and B1 != B2
  o ifnet.if_ioctl fails
  o ia is reinstalled into hash bucket B1, but without first being removed from hash bucket B2
  o hash bucket B2 will have a dangling reference to ia

The old code will also leave ia in the wrong hash bucket if the rtinit() in in_ifinit() fails; is this intended behavior?

SIOCAIFADDR is not affected.

Please review the following patch:
http://leaf.dragonflybsd.org/~sephe/in_ifaddr.diff

Best Regards,
sephe

--
Live Free or Die
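The sequence described in the message above, modelled as an added example (not code from the post, the linked patch, or DragonFly BSD). It uses a toy hash table with BSD LIST-style linkage; the struct, function names, bucket count and addresses are constructed, and the `fixed` rollback is one possible correction, assumed here rather than taken from the patch.

```c
#include <stddef.h>
#include <stdint.h>
#define NBUCKET 8                        /* constructed table size */
struct ia {                              /* stand-in for an AF_INET ifaddr */
    uint32_t addr;
    struct ia *next, **prevp;            /* LIST-style hash linkage */
};
static struct ia *bucket[NBUCKET];

static void hash_insert(struct ia *ia) { /* insert at head of addr's bucket */
    struct ia **head = &bucket[ia->addr % NBUCKET];
    if ((ia->next = *head) != NULL)
        (*head)->prevp = &ia->next;
    *head = ia;
    ia->prevp = head;
}
static void hash_remove(struct ia *ia) { /* unlink from whichever bucket */
    if (ia->next != NULL)
        ia->next->prevp = ia->prevp;
    *ia->prevp = ia->next;
}
/* Address change where the driver ioctl is simulated as failing.
 * fixed == 0: rollback reinserts without removing (the reported sequence).
 * fixed != 0: rollback leaves the new bucket before reinserting. */
static void set_addr_ioctl_fails(struct ia *ia, uint32_t newaddr, int fixed) {
    uint32_t old = ia->addr;
    hash_remove(ia);                     /* leave B1 */
    ia->addr = newaddr;
    hash_insert(ia);                     /* enter B2 */
    if (fixed)                           /* ifnet.if_ioctl has failed here */
        hash_remove(ia);                 /* leave B2 first */
    ia->addr = old;
    hash_insert(ia);                     /* back into B1 */
}
/* Number of buckets whose chain still reaches ia. */
static int buckets_referencing(const struct ia *ia) {
    int n = 0;
    for (int i = 0; i < NBUCKET; i++)
        for (const struct ia *p = bucket[i]; p != NULL; p = p->next)
            if (p == ia) { n++; break; }
    return n;
}
static int demo(int fixed) {
    static struct ia ia;
    for (int i = 0; i < NBUCKET; i++) bucket[i] = NULL;
    ia.addr = 0x0a000001;                /* constructed: 10.0.0.1 -> bucket 1 */
    hash_insert(&ia);
    set_addr_ioctl_fails(&ia, 0x0a000002, fixed); /* 10.0.0.2 -> bucket 2 */
    return buckets_referencing(&ia);
}
int main(void) { return !(demo(0) == 2 && demo(1) == 1); }
```

With `fixed == 0` the entry is reachable from both B1 and B2; if it were later unlinked and freed, only B1 would be updated and B2's head would point at freed memory.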
