Date: Fri, 27 Apr 2012 08:44:14 +0900 (JST)
From: Hiroki Sato <hrs@FreeBSD.org>
To: melifaro@FreeBSD.org
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: CFR: ipfw0 pseudo-interface clonable
Message-ID: <20120427.084414.1142593201575277510.hrs@allbsd.org>
In-Reply-To: <4F96E71B.9020405@FreeBSD.org>
References: <4F96D11B.2060007@FreeBSD.org> <20120425.020518.406495893112283552.hrs@allbsd.org> <4F96E71B.9020405@FreeBSD.org>

"Alexander V. Chernikov" <melifaro@FreeBSD.org> wrote
  in <4F96E71B.9020405@FreeBSD.org>:

me> On 24.04.2012 21:05, Hiroki Sato wrote:
me> > "Alexander V. Chernikov" <melifaro@FreeBSD.org> wrote
me> >   in <4F96D11B.2060007@FreeBSD.org>:
me> >
me> > me> On 24.04.2012 19:26, Hiroki Sato wrote:
me> > me> > Hi,
me> > me> >
me> > me> > I created the attached patch to make the current ipfw0
me> > me> > pseudo-interface clonable. The functionality of ipfw0 logging
me> > me> > interface is not changed by this patch, but the ipfw0
me> > me> > pseudo-interface is not created by default and can be created with
me> > me> > the following command:
me> > me> >
me> > me> > # ifconfig ipfw0 create
me> > me> >
me> > me> > Any objection to commit this patch? The primary motivation for this
me> > me> > change is that presence of the interface by default increases size of
me> > me> > the interface list, which is returned by NET_RT_IFLIST sysctl even
me> > me> > when the sysadmin does not need it. Also this pseudo-interface can
me> > me> > confuse the sysadmin and/or network-related userland utilities like
me> > me> > SNMP agent. With this patch, one can use ifconfig(8) to
me> > me> > create/destroy the pseudo-interface as necessary.
me> > me>
me> > me> ipfw_log() log_if usage is not protected, so it is possible to trigger
me> > me> use-after-free.
me> >
me> > Ah, right. I will revise lock handling and resubmit the patch.
me> >
me> > me> Maybe it is better to have some interface flag which makes
me> > me> NET_RT_IFLIST skip given interface ?
me> >
me> > I do not think so. NET_RT_IFLIST should be able to list all of the
me> > interfaces because it is the purpose.
me> Okay, another try (afair already discussed somewhere):
me> Do we really need all BPF providers to have ifnets?
me> It seems that removing all bp_bif depends from BPF code is not so hard
me> task.

Hmm, I cannot imagine how to decouple ifnet from the bpf code because
bpf heavily depends on it in its API (you probably know better than
me). Do you have any specific idea?

-- Hiroki