Author: tuexen
Date: Sun Oct  9 14:12:17 2011
New Revision: 226168
URL: http://svn.freebsd.org/changeset/base/226168

Log:
  Update the inp stored in a HB-timer when moving an stcb to a new inp.
  Use only this stored inp when processing a HB timeout.
  This fixes a bug which results in a crash.
  
  MFC after: 3 days.

Modified:
  head/sys/netinet/sctp_pcb.c
  head/sys/netinet/sctputil.c

Modified: head/sys/netinet/sctp_pcb.c
==============================================================================
--- head/sys/netinet/sctp_pcb.c Sun Oct  9 10:58:58 2011        (r226167)
+++ head/sys/netinet/sctp_pcb.c Sun Oct  9 14:12:17 2011        (r226168)
@@ -2804,6 +2804,7 @@ sctp_move_pcb_and_assoc(struct sctp_inpc
        /* now what about the nets? */
        TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
                net->pmtu_timer.ep = (void *)new_inp;
+               net->hb_timer.ep = (void *)new_inp;
                net->rxt_timer.ep = (void *)new_inp;
        }
        SCTP_INP_WUNLOCK(new_inp);
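Review bot: The per-net loop in sctp_move_pcb_and_assoc has to name every timer embedded in a net by hand, and nothing in the hunk records that requirement, which is presumably how hb_timer came to be missed. A comment above the loop would make the invariant explicit, for example `/* Every per-net timer's ep must follow the stcb to new_inp; a timer left on the old inp fires with a stale endpoint. */`. Whether a net carries timers beyond the three listed here is not visible in the hunk and is worth checking against the struct definition. The function starts and ends outside the hunk.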

Modified: head/sys/netinet/sctputil.c
==============================================================================
--- head/sys/netinet/sctputil.c Sun Oct  9 10:58:58 2011        (r226167)
+++ head/sys/netinet/sctputil.c Sun Oct  9 14:12:17 2011        (r226168)
@@ -1661,7 +1661,7 @@ sctp_timeout_handler(void *t)
                sctp_auditing(4, inp, stcb, net);
 #endif
                if (!(net->dest_state & SCTP_ADDR_NOHB)) {
-                       sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 
stcb->sctp_ep, stcb, net);
+                       sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, 
net);
                        sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, 
SCTP_SO_NOT_LOCKED);
                }
                break;
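Review bot: The heartbeat case in sctp_timeout_handler now relies on the inp saved in the timer being the endpoint to restart on, but the call site carries no comment saying why `inp` is used instead of `stcb->sctp_ep`. A short comment at the sctp_timer_start call would keep a later cleanup from switching it back, e.g. `/* Use the inp stored in the timer; it is kept in sync when the stcb moves to a new inp. */`. Other timer cases in this handler may still pass `stcb->sctp_ep` and would deserve the same audit, but they lie outside the hunk, as does the rest of the handler's body.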