rconn: Fix segfault when the idle timeout races with connection failure.

author Ben Pfaff <blp@nicira.com>

Fri, 9 Jan 2009 22:30:25 +0000 (14:30 -0800)

committer Ben Pfaff <blp@nicira.com>

Tue, 13 Jan 2009 01:16:37 +0000 (17:16 -0800)
author Ben Pfaff <blp@nicira.com>
Fri, 9 Jan 2009 22:30:25 +0000 (14:30 -0800)
committer Ben Pfaff <blp@nicira.com>
Tue, 13 Jan 2009 01:16:37 +0000 (17:16 -0800)
diff --git a/lib/rconn.c b/lib/rconn.c

index ba606fb..c8bddab 100644 (file)
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -380,10 +380,14 @@ run_ACTIVE(struct rconn *rc)
  {
      if (timed_out(rc)) {
          unsigned int base = MAX(rc->last_received, rc->state_entered);
-        rconn_send(rc, make_echo_request(), NULL);
          VLOG_DBG("%s: idle %u seconds, sending inactivity probe",
                   rc->name, (unsigned int) (time_now() - base));
+
+        /* Ordering is important here: rconn_send() can transition to BACKOFF,
+         * and we don't want to transition back to IDLE if so, because then we
+         * can end up queuing a packet with vconn == NULL and then *boom*. */
          state_transition(rc, S_IDLE);
+        rconn_send(rc, make_echo_request(), NULL);
          return;
      }
author	Ben Pfaff <blp@nicira.com>
	Fri, 9 Jan 2009 22:30:25 +0000 (14:30 -0800)
committer	Ben Pfaff <blp@nicira.com>
	Tue, 13 Jan 2009 01:16:37 +0000 (17:16 -0800)