CFR: ipfw0 pseudo-interface clonable

Alexander V. Chernikov melifaro at FreeBSD.org
Tue Apr 24 17:52:08 UTC 2012


On 24.04.2012 21:05, Hiroki Sato wrote:
> "Alexander V. Chernikov"<melifaro at FreeBSD.org>  wrote
>    in<4F96D11B.2060007 at FreeBSD.org>:
>
> me>  On 24.04.2012 19:26, Hiroki Sato wrote:
> me>  >  Hi,
> me>  >
> me>  >    I created the attached patch to make the current ipfw0
> me>  >    pseudo-interface clonable.  The functionality of ipfw0 logging
> me>  >    interface is not changed by this patch, but the ipfw0
> me>  >    pseudo-interface is not created by default and can be created with
> me>  >    the following command:
> me>  >
> me>  >     # ifconfig ipfw0 create
> me>  >
> me>  >    Any objection to commit this patch?  The primary motivation for this
> me>  >    change is that presence of the interface by default increases size of
> me>  >    the interface list, which is returned by NET_RT_IFLIST sysctl even
> me>  >    when the sysadmin does not need it.  Also this pseudo-interface can
> me>  >    confuse the sysadmin and/or network-related userland utilities like
> me>  >    SNMP agent.  With this patch, one can use ifconfig(8) to
> me>  >    create/destroy the pseudo-interface as necessary.
> me>
> me>  ipfw_log() log_if usage is not protected, so it is possible to trigger
> me>  use-after-free.
>
>   Ah, right.  I will revise lock handling and resubmit the patch.
>
> me>  Maybe it is better to have some interface flag which makes
> me>  NET_RT_IFLIST skip given interface ?
>
>   I do not think so.  NET_RT_IFLIST should be able to list all of the
>   interfaces because it is the purpose.
Okay, another try (afair already discussed somewhere):
Do we really need all BPF providers to have ifnets?
It seems that removing all bp_bif dependencies from the BPF code is not so hard a task.


>
> -- Hiroki


-- 
WBR, Alexander

