Date: Wed, 02 Aug 2017 10:03:12 +0200 From: "Kristof Provost" <kp@FreeBSD.org> To: "Kajetan Staszkiewicz" <vegeta@tuxpowered.net> Cc: freebsd-pf@freebsd.org Subject: Re: Is panic() the way to handle errors in pf? Message-ID: <388FADD3-1ADF-44D8-BB5E-C0FBA1BA0730@FreeBSD.org> In-Reply-To: <3546113.bA8rVlP40E@energia> References: <3546113.bA8rVlP40E@energia>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 3156 and 4880). --=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 1 Aug 2017, at 11:30, Kajetan Staszkiewicz wrote: > Hey, group. > > A thought came to me: is it really the best thing to panic when errors = are > encountered within pf? I understand there are situations where it is sa= fer for > the kernel to not continue running like some low-level operations in me= mory > allocator or filesystems. But a firewall? Especially that a firewall ha= ndles > packets coming from the Interent which can be arbitrarily crafted. > pf does not use panic() to handle bad packets, but to handle **impossible= ** situations. Basically, what you see here are assertions (go count KASSERT() too), not= error paths. If it were possible to trigger such a panic by sending a bad packet it wo= uld be a bug, yes, but that=E2=80=99s not what=E2=80=99s happening here. = These panics document invariants. They are assertions. Once the impossible has happened there=E2=80=99s no sane way for the syst= em to continue. It would be irresponsible to even try. Removing them would make pf **more** vulnerable to exploitation, not less= =2E Regards, Kristof --=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_= Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCAAGBQJZgYdGAAoJEG/E3HH7XkpGhJkH/1T7szGycsb/jRgKgYUGl48N 8AzDLhNYHHqxHJbY78UzYLbpp5w3xTR2YN2koMEis20uTUiIL+IcjR5xAGdy5lwG HPK/OZBZr0J6vF0PmrQ0jhJ42fiZz3cvDRjwOYOPhTOehhCNWQs63jf9DQme69C9 VBBhS8fllUzDZB3V5GuKKBBBxAsuhsly+m+sGwb72x8u7wY9GiH1pQoMPCCtyUWB dxCrz4V4Oegv8qoN1fv3bDfQpVYKBSMClGjX396IY279m3PjNuvwvqBD4AkVE2oH 4UuGgPAGPZq9CYHMWKbcs6UPJRAzdJUXrBtvC2g3g0LdpT1B1g7ue1pMTBl1BG8= =toi5 -----END PGP SIGNATURE----- --=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?388FADD3-1ADF-44D8-BB5E-C0FBA1BA0730>