Date: Tue, 24 Apr 2012 20:13:15 +0400
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
To: Hiroki Sato <hrs@FreeBSD.org>
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: CFR: ipfw0 pseudo-interface clonable
Message-ID: <4F96D11B.2060007@FreeBSD.org>
In-Reply-To: <20120425.002600.1631867625819249738.hrs@allbsd.org>
References: <20120425.002600.1631867625819249738.hrs@allbsd.org>

On 24.04.2012 19:26, Hiroki Sato wrote:
> Hi,
>
>  I created the attached patch to make the current ipfw0
>  pseudo-interface clonable.  The functionality of ipfw0 logging
>  interface is not changed by this patch, but the ipfw0
>  pseudo-interface is not created by default and can be created with
>  the following command:
>
>  # ifconfig ipfw0 create
>
>  Any objection to commit this patch?  The primary motivation for this
>  change is that presence of the interface by default increases size of
>  the interface list, which is returned by NET_RT_IFLIST sysctl even
>  when the sysadmin does not need it.  Also this pseudo-interface can
>  confuse the sysadmin and/or network-related userland utilities like
>  SNMP agent.  With this patch, one can use ifconfig(8) to
>  create/destroy the pseudo-interface as necessary.

ipfw_log() log_if usage is not protected, so it is possible to trigger
use-after-free.

Maybe it is better to have some interface flag which makes NET_RT_IFLIST
skip given interface?

>
> -- Hiroki

--
WBR, Alexander
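
Added example, not part of the original message and not FreeBSD source: a userspace C model of the lifetime issue raised in the reply, where a logging path uses a global log_if pointer that a clone destroy can free. The struct and the model_* functions are hypothetical, and a pthread mutex stands in for whatever kernel lock would be used.

```c
/* Userspace model only: all names are hypothetical, not FreeBSD kernel code. */
#include <pthread.h>
#include <stdlib.h>

struct log_ifnet { unsigned long packets; };

static struct log_ifnet *log_if;  /* NULL while no ipfw0 clone exists */
static pthread_mutex_t log_if_lock = PTHREAD_MUTEX_INITIALIZER;

/* Models "ifconfig ipfw0 create": publish the interface under the lock. */
int model_if_create(void)
{
    int rc = -1;                  /* fails if it already exists or on ENOMEM */
    pthread_mutex_lock(&log_if_lock);
    if (log_if == NULL && (log_if = calloc(1, sizeof(*log_if))) != NULL)
        rc = 0;
    pthread_mutex_unlock(&log_if_lock);
    return rc;
}

/* Models the interface destroy: unpublish under the lock, then free.
 * Without the lock, a logger that had already loaded log_if would go
 * on to dereference freed memory (the use-after-free). */
int model_if_destroy(void)
{
    pthread_mutex_lock(&log_if_lock);
    struct log_ifnet *ifp = log_if;
    log_if = NULL;
    pthread_mutex_unlock(&log_if_lock);
    int had = (ifp != NULL);
    free(ifp);                    /* no logger can still hold ifp here */
    return had ? 0 : -1;
}

/* Models the logging path: the NULL check and the use of log_if happen
 * in one critical section. Returns 1 if counted, 0 if no interface. */
int model_log_packet(void)
{
    pthread_mutex_lock(&log_if_lock);
    int tapped = (log_if != NULL);
    if (tapped)
        log_if->packets++;
    pthread_mutex_unlock(&log_if_lock);
    return tapped;
}
```
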