On 24.04.2012 19:26, Hiroki Sato wrote:
> Hi,
>
> I created the attached patch to make the current ipfw0
> pseudo-interface clonable. The functionality of the ipfw0 logging
> interface is not changed by this patch, but the ipfw0
> pseudo-interface is not created by default and can be created with
> the following command:
>
> # ifconfig ipfw0 create
>
> Any objection to committing this patch? The primary motivation for this
> change is that the presence of the interface by default increases the size of
> the interface list, which is returned by the NET_RT_IFLIST sysctl even
> when the sysadmin does not need it. Also, this pseudo-interface can
> confuse the sysadmin and/or network-related userland utilities like
> an SNMP agent. With this patch, one can use ifconfig(8) to
> create/destroy the pseudo-interface as necessary.

ipfw_log() log_if usage is not protected, so it is possible to trigger
a use-after-free.

Maybe it is better to have some interface flag which makes NET_RT_IFLIST
skip the given interface?

> -- Hiroki
--
WBR, Alexander