On 24.04.2012 21:05, Hiroki Sato wrote:
"Alexander V. Chernikov" <[email protected]> wrote
  in <[email protected]>:

me>  On 24.04.2012 19:26, Hiroki Sato wrote:
me>  >  Hi,
me>  >
me>  >    I created the attached patch to make the current ipfw0
me>  >    pseudo-interface clonable.  The functionality of ipfw0 logging
me>  >    interface is not changed by this patch, but the ipfw0
me>  >    pseudo-interface is not created by default and can be created with
me>  >    the following command:
me>  >
me>  >     # ifconfig ipfw0 create
me>  >
me>  >    Any objection to commit this patch?  The primary motivation for this
me>  >    change is that presence of the interface by default increases size of
me>  >    the interface list, which is returned by NET_RT_IFLIST sysctl even
me>  >    when the sysadmin does not need it.  Also this pseudo-interface can
me>  >    confuse the sysadmin and/or network-related userland utilities like
me>  >    SNMP agent.  With this patch, one can use ifconfig(8) to
me>  >    create/destroy the pseudo-interface as necessary.
me>
me>  ipfw_log() log_if usage is not protected, so it is possible to trigger
me>  use-after-free.

  Ah, right.  I will revise lock handling and resubmit the patch.

me>  Maybe it is better to have some interface flag which makes
me>  NET_RT_IFLIST skip given interface ?

  I do not think so.  NET_RT_IFLIST should be able to list all of the
  interfaces because it is the purpose.

Okay, another try (AFAIR already discussed somewhere):
Do we really need all BPF providers to have ifnets?
It seems that removing all bp_bif dependencies from the BPF code is not such a hard task.



-- Hiroki


--
WBR, Alexander
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
