rconn: Fix segfault when the idle timeout races with connection failure.

author Ben Pfaff <blp@nicira.com>

Fri, 9 Jan 2009 22:30:25 +0000 (14:30 -0800)

committer Ben Pfaff <blp@nicira.com>

Fri, 9 Jan 2009 22:33:00 +0000 (14:33 -0800)
author Ben Pfaff <blp@nicira.com>
Fri, 9 Jan 2009 22:30:25 +0000 (14:30 -0800)
committer Ben Pfaff <blp@nicira.com>
Fri, 9 Jan 2009 22:33:00 +0000 (14:33 -0800)
diff --git a/lib/rconn.c b/lib/rconn.c

index f3dd6aa79be65b5f35de55513b7d40492850d6a1..910c1ced4e7d1425ce86fc237b37acbe211edec8 100644 (file)
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -385,10 +385,14 @@ run_ACTIVE(struct rconn *rc)
  {
      if (timed_out(rc)) {
          unsigned int base = MAX(rc->last_received, rc->state_entered);
-        rconn_send(rc, make_echo_request(), NULL);
          VLOG_DBG("%s: idle %u seconds, sending inactivity probe",
                   rc->name, (unsigned int) (time_now() - base));
+
+        /* Ordering is important here: rconn_send() can transition to BACKOFF,
+         * and we don't want to transition back to IDLE if so, because then we
+         * can end up queuing a packet with vconn == NULL and then *boom*. */
          state_transition(rc, S_IDLE);
+        rconn_send(rc, make_echo_request(), NULL);
          return;
      }
author	Ben Pfaff <blp@nicira.com>
	Fri, 9 Jan 2009 22:30:25 +0000 (14:30 -0800)
committer	Ben Pfaff <blp@nicira.com>
	Fri, 9 Jan 2009 22:33:00 +0000 (14:33 -0800)