rconn: Fix segfault when the idle timeout races with connection failure.

[sliver-openvswitch.git] / lib / rconn.c

diff --git a/lib/rconn.c b/lib/rconn.c
index df0807c..c8bddab 100644 (file)
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -39,7 +39,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include "ofpbuf.h"
-#include "openflow.h"
+#include "openflow/openflow.h"
 #include "poll-loop.h"
 #include "sat-math.h"
 #include "timeval.h"
@@ -264,10 +264,15 @@ void
 rconn_destroy(struct rconn *rc)
 {
     if (rc) {
+        size_t i;
+
         free(rc->name);
         vconn_close(rc->vconn);
         flush_queue(rc);
         queue_destroy(&rc->txq);
+        for (i = 0; i < rc->n_monitors; i++) {
+            vconn_close(rc->monitors[i]);
+        }
         free(rc);
     }
 }
@@ -375,10 +380,14 @@ run_ACTIVE(struct rconn *rc)
 {
     if (timed_out(rc)) {
         unsigned int base = MAX(rc->last_received, rc->state_entered);
-        rconn_send(rc, make_echo_request(), NULL);
         VLOG_DBG("%s: idle %u seconds, sending inactivity probe",
                  rc->name, (unsigned int) (time_now() - base));
+
+        /* Ordering is important here: rconn_send() can transition to BACKOFF,
+         * and we don't want to transition back to IDLE if so, because then we
+         * can end up queuing a packet with vconn == NULL and then *boom*. */
         state_transition(rc, S_IDLE);
+        rconn_send(rc, make_echo_request(), NULL);
         return;
     }