Author: cmihail
Date: Mon May 16 13:00:34 2011
New Revision: 51781
URL:
http://svn.reactos.org/svn/reactos?rev=51781&view=rev
Log:
Make kernel not crash when trying to accept an incoming TCP connection. The problem is in
TCPAcceptEventHandler, where calling the LibTCPAccept function would cause an assert to
fail in LibTCPAccept. We just set the state of the pcb to LISTEN and after calling
LibTCPAccept we set it to ESTABLISHED. The connection still fails but at least the kernel
doesn't crash. Needs further serious investigation.
Modified:
branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c
Modified: branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/lib/drive…
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c [iso-8859-1]
(original)
+++ branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c [iso-8859-1] Mon
May 16 13:00:34 2011
@@ -114,7 +114,7 @@
NTSTATUS Status;
KIRQL OldIrql;
- DbgPrint("TCPAcceptEventHandler\n");
+ DbgPrint("TCPAcceptEventHandler] Called\n");
ReferenceObject(Connection);
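Review bot: The new entry message is missing its opening bracket: `DbgPrint("TCPAcceptEventHandler] Called\n");` should be `DbgPrint("[TCPAcceptEventHandler] Called\n");` to match the `[FunctionName]` tag that every other message in this commit uses. Anyone filtering the debug log on that prefix will miss the handler's entry line, which is the line needed when tracing the accept failure described in the log message. The handler body continues outside this hunk.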
@@ -126,7 +126,7 @@
Irp = Bucket->Request.RequestContext;
IrpSp = IoGetCurrentIrpStackLocation( Irp );
- TI_DbgPrint(DEBUG_TCP,("Getting the socket\n"));
+ TI_DbgPrint(DEBUG_TCP,("[TCPAcceptEventHandler] Getting the
socket\n"));
Status = TCPCheckPeerForAccept(newpcb,
(PTDI_REQUEST_KERNEL)&IrpSp->Parameters);
@@ -136,22 +136,27 @@
Bucket->Status = Status;
Bucket->Information = 0;
- DbgPrint("Associated with: 0x%x\n",
Bucket->AssociatedEndpoint->SocketContext);
-
- DbgPrint("Completing accept event %x\n", Status);
+ DbgPrint("[TCPAcceptEventHandler] Associated with: 0x%x\n",
Bucket->AssociatedEndpoint->SocketContext);
+
+ DbgPrint("[TCPAcceptEventHandler] Completing accept event %x\n",
Status);
Complete = Bucket->Request.RequestNotifyObject;
if (Status == STATUS_SUCCESS)
{
+ newpcb->state = LISTEN;
LockObject(Bucket->AssociatedEndpoint, &OldIrql);
Bucket->AssociatedEndpoint->SocketContext = newpcb;
+ DbgPrint("[TCPAcceptEventHandler] LibTCPAccept coming up\n");
LibTCPAccept(newpcb, Bucket->AssociatedEndpoint);
+
+ DbgPrint("[TCPAcceptEventHandler] Trying to unlock
Bucket->AssociatedEndpoint\n");
UnlockObject(Bucket->AssociatedEndpoint, OldIrql);
+ newpcb->state = ESTABLISHED;
}
- DbgPrint("Done!\n");
+ DbgPrint("[TCPAcceptEventHandler] Done!\n");
Complete(Bucket->Request.RequestContext, Bucket->Status,
Bucket->Information);
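Review bot: Both added writes to `newpcb->state` sit outside the `LockObject`/`UnlockObject` pair, and the second one forces `ESTABLISHED` unconditionally, whatever state the pcb has reached by then. Setting `LISTEN` only to get past the assert in `LibTCPAccept` presents a connected pcb to the stack as a listener for that window. If the TCP stack can touch `newpcb` concurrently (not visible from this hunk), a reset or close from the peer could be overwritten, leaving a dead connection marked as established. At minimum, save the previous value and restore it while the endpoint lock is still held, i.e. `OldState = newpcb->state; newpcb->state = LISTEN;` before the call and `newpcb->state = OldState;` before `UnlockObject`, and mark the workaround with `/* FIXME: state forced only to satisfy the LibTCPAccept assert; the accept callback probably belongs on the listening pcb */`. The handler begins and ends outside this hunk.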
@@ -172,7 +177,7 @@
NTSTATUS Status;
PMDL Mdl;
- DbgPrint("TCPSendEventHandler\n");
+ DbgPrint("[TCPSendEventHandler] Called\n");
ReferenceObject(Connection);
@@ -248,7 +253,7 @@
ReferenceObject(Connection);
- DbgPrint("TCPRecvEventHandler\n");
+ DbgPrint("[TCPRecvEventHandler] Called\n");
if ((Entry = ExInterlockedRemoveHeadList(&Connection->ReceiveRequest,
&Connection->Lock))) {
Bucket = CONTAINING_RECORD( Entry, TDI_BUCKET, Entry );
@@ -304,25 +309,28 @@
PTDI_BUCKET Bucket;
PLIST_ENTRY Entry;
- DbgPrint("TCPConnectEventHandler\n");
-
- ReferenceObject(Connection);
-
- while ((Entry = ExInterlockedRemoveHeadList(&Connection->ConnectRequest,
&Connection->Lock))) {
+ DbgPrint("[TCPConnectEventHandler] Called\n");
+
+ ReferenceObject(Connection);
+
+ while ((Entry = ExInterlockedRemoveHeadList(&Connection->ConnectRequest,
&Connection->Lock)))
+ {
Bucket = CONTAINING_RECORD( Entry, TDI_BUCKET, Entry );
Bucket->Status = TCPTranslateError(err);
Bucket->Information = 0;
- DbgPrint("Completing connection request! (0x%x)\n", err);
-
- Complete = Bucket->Request.RequestNotifyObject;
-
- Complete(Bucket->Request.RequestContext, Bucket->Status,
Bucket->Information);
-
- ExFreePoolWithTag(Bucket, TDI_BUCKET_TAG);
- }
+ DbgPrint("[TCPConnectEventHandler] Completing connection request!
(0x%x)\n", err);
+
+ Complete = Bucket->Request.RequestNotifyObject;
+
+ Complete(Bucket->Request.RequestContext, Bucket->Status,
Bucket->Information);
+
+ ExFreePoolWithTag(Bucket, TDI_BUCKET_TAG);
+ }
+
+ DbgPrint("[TCPConnectEventHandler] Done\n");
DereferenceObject(Connection);
}