Date: Fri, 27 Apr 2012 08:44:14 +0900 (JST)
Message-Id: <20120427.084414.1142593201575277510.hrs@allbsd.org>
To: melifaro@FreeBSD.org
From: Hiroki Sato
In-Reply-To: <4F96E71B.9020405@FreeBSD.org>
References: <4F96D11B.2060007@FreeBSD.org> <20120425.020518.406495893112283552.hrs@allbsd.org> <4F96E71B.9020405@FreeBSD.org>
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: CFR: ipfw0 pseudo-interface clonable
List-Id: IPFW Technical Discussions

"Alexander V. Chernikov" wrote
  in <4F96E71B.9020405@FreeBSD.org>:

me> On 24.04.2012 21:05, Hiroki Sato wrote:
me> > "Alexander V. Chernikov" wrote
me> >   in<4F96D11B.2060007@FreeBSD.org>:
me> >
me> > me> On 24.04.2012 19:26, Hiroki Sato wrote:
me> > me> > Hi,
me> > me> >
me> > me> > I created the attached patch to make the current ipfw0
me> > me> > pseudo-interface clonable. The functionality of ipfw0 logging
me> > me> > interface is not changed by this patch, but the ipfw0
me> > me> > pseudo-interface is not created by default and can be created with
me> > me> > the following command:
me> > me> >
me> > me> > # ifconfig ipfw0 create
me> > me> >
me> > me> > Any objection to commit this patch? The primary motivation for this
me> > me> > change is that presence of the interface by default increases size of
me> > me> > the interface list, which is returned by NET_RT_IFLIST sysctl even
me> > me> > when the sysadmin does not need it. Also this pseudo-interface can
me> > me> > confuse the sysadmin and/or network-related userland utilities like
me> > me> > SNMP agent. With this patch, one can use ifconfig(8) to
me> > me> > create/destroy the pseudo-interface as necessary.
me> > me>
me> > me> ipfw_log() log_if usage is not protected, so it is possible to trigger
me> > me> use-after-free.
me> >
me> > Ah, right. I will revise lock handling and resubmit the patch.
me> >
me> > me> Maybe it is better to have some interface flag which makes
me> > me> NET_RT_IFLIST skip given interface?
me> >
me> > I do not think so. NET_RT_IFLIST should be able to list all of the
me> > interfaces because it is the purpose.
me> Okay, another try (afair already discussed somewhere):
me> Do we really need all BPF providers to have ifnets?
me> It seems that removing all bp_bif depends from BPF code is not so hard
me> task.

 Hmm, I cannot imagine how to decouple ifnet from the bpf code because
 bpf heavily depends on it in its API (you probably know better than
 me). Do you have any specific idea?

-- Hiroki