/* * netsniff-ng - the packet sniffing beast * Copyright 2012 Markus Amend , Deutsche Flugsicherung GmbH * Subject to the GPL, version 2. * * IPv6 Routing Header described in RFC2460 */ #include #include #include /* for ntohs() and "struct in6_addr" */ #include /* for inet_ntop() */ #include "proto.h" #include "dissector_eth.h" #include "built_in.h" #include "pkt_buff.h" #define ROUTING_HEADER_TYPE_0 0x00 struct routinghdr { uint8_t h_next_header; uint8_t h_hdr_ext_len; uint8_t h_routing_type; uint8_t h_segments_left; } __packed; struct routinghdr_0 { uint32_t reserved; uint32_t addresses[0]; } __packed; static void dissect_routinghdr_type_0(struct pkt_buff *pkt, ssize_t *data_len, int less) { uint8_t num_addr; char address[INET6_ADDRSTRLEN]; struct in6_addr *addr; struct routinghdr_0 *routing_0; routing_0 = (struct routinghdr_0 *) pkt_pull(pkt, sizeof(*routing_0)); *data_len -= sizeof(*routing_0); if (routing_0 == NULL || *data_len > pkt_len(pkt) || *data_len < 0) return; if (less) { tprintf("Addresses (%zu)", *data_len / sizeof(struct in6_addr)); return; } tprintf("Res (0x%x)", routing_0->reserved); num_addr = *data_len / sizeof(*addr); while (num_addr--) { addr = (struct in6_addr *) pkt_pull(pkt, sizeof(*addr)); *data_len -= sizeof(*addr); if (addr == NULL || *data_len > pkt_len(pkt) || *data_len < 0) return; tprintf("\n\t Address: %s", inet_ntop(AF_INET6, addr, address, sizeof(address))); } } static inline void dissect_routinghdr_type_0_norm(struct pkt_buff *pkt, ssize_t *data_len) { dissect_routinghdr_type_0(pkt, data_len, 0); } static inline void dissect_routinghdr_type_0_less(struct pkt_buff *pkt, ssize_t *data_len) { dissect_routinghdr_type_0(pkt, data_len, 1); } static void routing(struct pkt_buff *pkt) { uint16_t hdr_ext_len; ssize_t data_len; struct routinghdr *routing; routing = (struct routinghdr *) pkt_pull(pkt, sizeof(*routing)); if (routing == NULL) return; /* Total Header Length in Bytes */ hdr_ext_len = (routing->h_hdr_ext_len + 1) * 8; /* Data length in Bytes */ data_len = hdr_ext_len - sizeof(*routing); tprintf("\t [ Routing "); tprintf("NextHdr (%u), ", routing->h_next_header); if (data_len > pkt_len(pkt) || data_len < 0){ tprintf("HdrExtLen (%u, %u Bytes %s), ", routing->h_hdr_ext_len, hdr_ext_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrExtLen (%u, %u Bytes), ", routing->h_hdr_ext_len, hdr_ext_len); tprintf("Type (%u), ", routing->h_routing_type); tprintf("Left (%u), ", routing->h_segments_left); switch (routing->h_routing_type) { case ROUTING_HEADER_TYPE_0: dissect_routinghdr_type_0_norm(pkt, &data_len); break; default: tprintf("Type %u is unknown", routing->h_routing_type); } tprintf(" ]\n"); if (data_len > pkt_len(pkt) || data_len < 0) return; pkt_pull(pkt, data_len); pkt_set_dissector(pkt, ð_lay3, routing->h_next_header); } static void routing_less(struct pkt_buff *pkt) { uint16_t hdr_ext_len; ssize_t data_len; struct routinghdr *routing; routing = (struct routinghdr *) pkt_pull(pkt, sizeof(*routing)); if (routing == NULL) return; /* Total Header Length in Bytes */ hdr_ext_len = (routing->h_hdr_ext_len + 1) * 8; /* Data length in Bytes */ data_len = hdr_ext_len - sizeof(*routing); if (data_len > pkt_len(pkt) || data_len < 0) return; tprintf(" Routing "); switch (routing->h_routing_type) { case ROUTING_HEADER_TYPE_0: dissect_routinghdr_type_0_less(pkt, &data_len); break; default: tprintf("Type %u is unknown", routing->h_routing_type); } if (data_len > pkt_len(pkt) || data_len < 0) return; pkt_pull(pkt, data_len); pkt_set_dissector(pkt, ð_lay3, routing->h_next_header); } struct protocol ipv6_routing_ops = { .key = 0x2B, .print_full = routing, .print_less = routing_less, }; 2'>stat only

author	Chuck Lever <chuck.lever@oracle.com>	2016-04-11 16:20:22 -0400
committer	Anna Schumaker <Anna.Schumaker@Netapp.com>	2016-05-09 09:05:40 -0400
commit	11476e9dec39d90fe1e9bf12abc6f3efe35a073d (patch)
tree	38b09676f82ac1e8db4bf3eef19d97082e386aa8
parent	3064b6861d00b7124558cdf79f9387f948361be3 (diff)

NFS: Fix an LOCK/OPEN race when unlinking an open file

At Connectathon 2016, we found that recent upstream Linux clients would occasionally send a LOCK operation with a zero stateid. This appeared to happen in close proximity to another thread returning a delegation before unlinking the same file while it remained open. Earlier, the client received a write delegation on this file and returned the open stateid. Now, as it is getting ready to unlink the file, it returns the write delegation. But there is still an open file descriptor on that file, so the client must OPEN the file again before it returns the delegation. Since commit 24311f884189 ('NFSv4: Recovery of recalled read delegations is broken'), nfs_open_delegation_recall() clears the NFS_DELEGATED_STATE flag _before_ it sends the OPEN. This allows a racing LOCK on the same inode to be put on the wire before the OPEN operation has returned a valid open stateid. To eliminate this race, serialize delegation return with the acquisition of a file lock on the same file. Adopt the same approach as is used in the unlock path. This patch also eliminates a similar race seen when sending a LOCK operation at the same time as returning a delegation on the same file. Fixes: 24311f884189 ('NFSv4: Recovery of recalled read ... ') Signed-off-by: Chuck Lever <chuck.lever@oracle.com> [Anna: Add sentence about LOCK / delegation race] Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>