Date: Wed, 25 Apr 2012 02:05:18 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: melifaro@FreeBSD.org Cc: freebsd-ipfw@FreeBSD.org Subject: Re: CFR: ipfw0 pseudo-interface clonable Message-ID: <20120425.020518.406495893112283552.hrs@allbsd.org> In-Reply-To: <4F96D11B.2060007@FreeBSD.org> References: <20120425.002600.1631867625819249738.hrs@allbsd.org> <4F96D11B.2060007@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Wed_Apr_25_02_05_18_2012_022)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Alexander V. Chernikov" <melifaro@FreeBSD.org> wrote in <4F96D11B.2060007@FreeBSD.org>: me> On 24.04.2012 19:26, Hiroki Sato wrote: me> > Hi, me> > me> > I created the attached patch to make the current ipfw0 me> > pseudo-interface clonable. The functionality of ipfw0 logging me> > interface is not changed by this patch, but the ipfw0 me> > pseudo-interface is not created by default and can be created with me> > the following command: me> > me> > # ifconfig ipfw0 create me> > me> > Any objection to commit this patch? The primary motivation for this me> > change is that presence of the interface by default increases size of me> > the interface list, which is returned by NET_RT_IFLIST sysctl even me> > when the sysadmin does not need it. Also this pseudo-interface can me> > confuse the sysadmin and/or network-related userland utilities like me> > SNMP agent. With this patch, one can use ifconfig(8) to me> > create/destroy the pseudo-interface as necessary. me> me> ipfw_log() log_if usage is not protected, so it is possible to trigger me> use-after-free. Ah, right. I will revise lock handling and resubmit the patch. me> Maybe it is better to have some interface flag which makes me> NET_RT_IFLIST skip given interface ? I do not think so. NET_RT_IFLIST should be able to list all of the interfaces because it is the purpose. -- Hiroki ----Security_Multipart(Wed_Apr_25_02_05_18_2012_022)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEABECAAYFAk+W3U4ACgkQTyzT2CeTzy1MVwCg002/CC3exS/5x5J0SZhMxVa7 hyYAnAu6FxSVmmR/XgxlrFYnJbNkNw15 =0+BW -----END PGP SIGNATURE----- ----Security_Multipart(Wed_Apr_25_02_05_18_2012_022)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120425.020518.406495893112283552.hrs>