From: "Alexander V. Chernikov"
Date: Tue, 24 Apr 2012 20:13:15 +0400
To: Hiroki Sato
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: CFR: ipfw0 pseudo-interface clonable

On 24.04.2012 19:26, Hiroki Sato wrote:
> Hi,
>
> I created the attached patch to make the current ipfw0
> pseudo-interface clonable. The functionality of ipfw0 logging
> interface is not changed by this patch, but the ipfw0
> pseudo-interface is not created by default and can be created with
> the following command:
>
> # ifconfig ipfw0 create
>
> Any objection to commit this patch? The primary motivation for this
> change is that presence of the interface by default increases size of
> the interface list, which is returned by NET_RT_IFLIST sysctl even
> when the sysadmin does not need it. Also this pseudo-interface can
> confuse the sysadmin and/or network-related userland utilities like
> SNMP agent. With this patch, one can use ifconfig(8) to
> create/destroy the pseudo-interface as necessary.

ipfw_log() log_if usage is not protected, so it is possible to trigger
use-after-free.

Maybe it is better to have some interface flag which makes
NET_RT_IFLIST skip given interface?

>
> -- Hiroki

--
WBR, Alexander