From: Hiroki Sato
Date: Wed, 25 Apr 2012 02:05:18 +0900 (JST)
To: melifaro@FreeBSD.org
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: CFR: ipfw0 pseudo-interface clonable
Message-Id: <20120425.020518.406495893112283552.hrs@allbsd.org>
In-Reply-To: <4F96D11B.2060007@FreeBSD.org>
References: <20120425.002600.1631867625819249738.hrs@allbsd.org> <4F96D11B.2060007@FreeBSD.org>

"Alexander V. Chernikov" wrote
  in <4F96D11B.2060007@FreeBSD.org>:

me> On 24.04.2012 19:26, Hiroki Sato wrote:
me> > Hi,
me> >
me> > I created the attached patch to make the current ipfw0
me> > pseudo-interface clonable. The functionality of ipfw0 logging
me> > interface is not changed by this patch, but the ipfw0
me> > pseudo-interface is not created by default and can be created with
me> > the following command:
me> >
me> > # ifconfig ipfw0 create
me> >
me> > Any objection to commit this patch? The primary motivation for this
me> > change is that presence of the interface by default increases size of
me> > the interface list, which is returned by NET_RT_IFLIST sysctl even
me> > when the sysadmin does not need it. Also this pseudo-interface can
me> > confuse the sysadmin and/or network-related userland utilities like
me> > SNMP agent. With this patch, one can use ifconfig(8) to
me> > create/destroy the pseudo-interface as necessary.
me>
me> ipfw_log() log_if usage is not protected, so it is possible to trigger
me> use-after-free.

 Ah, right. I will revise lock handling and resubmit the patch.

me> Maybe it is better to have some interface flag which makes
me> NET_RT_IFLIST skip given interface ?

 I do not think so. NET_RT_IFLIST should be able to list all of the
 interfaces because it is the purpose.

-- Hiroki
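
The locking concern raised in this message, as an added example that is not part of the original e-mail or of the FreeBSD patch: once the logging interface can be destroyed at run time, the logging path has to check and use the pointer under the same lock that destroy takes. This is a userland C model; the `model_*` functions, `struct log_ifnet`, `log_if_mtx` and the pthread mutex standing in for a kernel lock are all assumptions.

```c
#include <pthread.h>
#include <stdlib.h>

/* Userland model, not FreeBSD kernel code; every name below is hypothetical. */
struct log_ifnet { unsigned long packets; };

static struct log_ifnet *log_if;   /* NULL until the interface is created */
static pthread_mutex_t log_if_mtx = PTHREAD_MUTEX_INITIALIZER;

/* Models "ifconfig ipfw0 create": publish the interface under the lock. */
int model_clone_create(void)
{
    struct log_ifnet *ifp = calloc(1, sizeof(*ifp));
    int rc = -1;
    if (ifp == NULL)
        return -1;
    pthread_mutex_lock(&log_if_mtx);
    if (log_if == NULL) {          /* only one logging interface at a time */
        log_if = ifp;
        ifp = NULL;
        rc = 0;
    }
    pthread_mutex_unlock(&log_if_mtx);
    free(ifp);                     /* no-op unless one already existed */
    return rc;
}

/* Models destroy: unpublish under the lock, free only after unlocking. */
int model_clone_destroy(void)
{
    pthread_mutex_lock(&log_if_mtx);
    struct log_ifnet *ifp = log_if;
    int rc = (ifp != NULL) ? 0 : -1;
    log_if = NULL;                 /* no logger can reach ifp after this */
    pthread_mutex_unlock(&log_if_mtx);
    free(ifp);
    return rc;
}

/* Models the logging tap: NULL check and dereference share one critical
 * section with destroy. Returns the packet count, or 0 with no interface. */
unsigned long model_log_packet(void)
{
    unsigned long n = 0;
    pthread_mutex_lock(&log_if_mtx);
    if (log_if != NULL)
        n = ++log_if->packets;
    pthread_mutex_unlock(&log_if_mtx);
    return n;
}
```

Reading `log_if` without the lock and dereferencing it afterwards would leave a window in which destroy frees the structure between the check and the use, which is the use-after-free pointed out in the quoted review comment.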