CFR: ipfw0 pseudo-interface clonable
Hiroki Sato
hrs at FreeBSD.org
Tue Apr 24 17:08:31 UTC 2012
"Alexander V. Chernikov" <melifaro at FreeBSD.org> wrote
in <4F96D11B.2060007 at FreeBSD.org>:
me> On 24.04.2012 19:26, Hiroki Sato wrote:
me> > Hi,
me> >
me> > I created the attached patch to make the current ipfw0
me> > pseudo-interface clonable. The functionality of ipfw0 logging
me> > interface is not changed by this patch, but the ipfw0
me> > pseudo-interface is not created by default and can be created with
me> > the following command:
me> >
me> > # ifconfig ipfw0 create
me> >
me> > Any objection to committing this patch? The primary motivation for this
me> > change is that the presence of the interface by default increases the size of
me> > the interface list, which is returned by the NET_RT_IFLIST sysctl even
me> > when the sysadmin does not need it. Also this pseudo-interface can
me> > confuse the sysadmin and/or network-related userland utilities like
me> > an SNMP agent. With this patch, one can use ifconfig(8) to
me> > create/destroy the pseudo-interface as necessary.
me>
me> ipfw_log() log_if usage is not protected, so it is possible to trigger
me> a use-after-free.
Ah, right. I will revise lock handling and resubmit the patch.
me> Maybe it is better to have some interface flag which makes
me> NET_RT_IFLIST skip a given interface?
I do not think so. NET_RT_IFLIST should be able to list all of the
interfaces because that is its purpose.
-- Hiroki