CFR: ipfw0 pseudo-interface clonable
Alexander V. Chernikov
melifaro at FreeBSD.org
Tue Apr 24 16:18:27 UTC 2012
On 24.04.2012 19:26, Hiroki Sato wrote:
> Hi,
>
> I created the attached patch to make the current ipfw0
> pseudo-interface clonable. The functionality of ipfw0 logging
> interface is not changed by this patch, but the ipfw0
> pseudo-interface is not created by default and can be created with
> the following command:
>
> # ifconfig ipfw0 create
>
> Any objection to commit this patch? The primary motivation for this
> change is that presence of the interface by default increases size of
> the interface list, which is returned by NET_RT_IFLIST sysctl even
> when the sysadmin does not need it. Also this pseudo-interface can
> confuse the sysadmin and/or network-related userland utilities like
> SNMP agent. With this patch, one can use ifconfig(8) to
> create/destroy the pseudo-interface as necessary.
ipfw_log() log_if usage is not protected, so it is possible to trigger a
use-after-free.
Maybe it is better to have some interface flag which makes NET_RT_IFLIST
skip the given interface?
>
> -- Hiroki
--
WBR, Alexander