Date: Wed, 02 Aug 2017 10:03:12 +0200 From: "Kristof Provost" <kp@FreeBSD.org> To: "Kajetan Staszkiewicz" <vegeta@tuxpowered.net> Cc: freebsd-pf@freebsd.org Subject: Re: Is panic() the way to handle errors in pf? Message-ID: <388FADD3-1ADF-44D8-BB5E-C0FBA1BA0730@FreeBSD.org> In-Reply-To: <3546113.bA8rVlP40E@energia> References: <3546113.bA8rVlP40E@energia>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 1 Aug 2017, at 11:30, Kajetan Staszkiewicz wrote: > Hey, group. > > A thought came to me: is it really the best thing to panic when errors are > encountered within pf? I understand there are situations where it is safer for > the kernel to not continue running like some low-level operations in memory > allocator or filesystems. But a firewall? Especially that a firewall handles > packets coming from the Interent which can be arbitrarily crafted. > pf does not use panic() to handle bad packets, but to handle **impossible** situations. Basically, what you see here are assertions (go count KASSERT() too), not error paths. If it were possible to trigger such a panic by sending a bad packet it would be a bug, yes, but that’s not what’s happening here. These panics document invariants. They are assertions. Once the impossible has happened there’s no sane way for the system to continue. It would be irresponsible to even try. Removing them would make pf **more** vulnerable to exploitation, not less. Regards, Kristof [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCAAGBQJZgYdGAAoJEG/E3HH7XkpGhJkH/1T7szGycsb/jRgKgYUGl48N 8AzDLhNYHHqxHJbY78UzYLbpp5w3xTR2YN2koMEis20uTUiIL+IcjR5xAGdy5lwG HPK/OZBZr0J6vF0PmrQ0jhJ42fiZz3cvDRjwOYOPhTOehhCNWQs63jf9DQme69C9 VBBhS8fllUzDZB3V5GuKKBBBxAsuhsly+m+sGwb72x8u7wY9GiH1pQoMPCCtyUWB dxCrz4V4Oegv8qoN1fv3bDfQpVYKBSMClGjX396IY279m3PjNuvwvqBD4AkVE2oH 4UuGgPAGPZq9CYHMWKbcs6UPJRAzdJUXrBtvC2g3g0LdpT1B1g7ue1pMTBl1BG8= =toi5 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?388FADD3-1ADF-44D8-BB5E-C0FBA1BA0730>