From owner-freebsd-current@FreeBSD.ORG  Fri Sep 19 22:51:33 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AC00F1065683
	for <freebsd-current@freebsd.org>; Fri, 19 Sep 2008 22:51:33 +0000 (UTC)
	(envelope-from maksim.yevmenkin@gmail.com)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.154])
	by mx1.freebsd.org (Postfix) with ESMTP id 33A188FC23
	for <freebsd-current@freebsd.org>; Fri, 19 Sep 2008 22:51:32 +0000 (UTC)
	(envelope-from maksim.yevmenkin@gmail.com)
Received: by fg-out-1718.google.com with SMTP id l26so686187fgb.35
	for <freebsd-current@freebsd.org>; Fri, 19 Sep 2008 15:51:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type:references;
	bh=8f03q2bSyahcLaDXD98Zr/+LeEU3hHNmxLCMDGqJhM8=;
	b=TzENi3+oH62axMpenFjten7qyLoj/6U92EmO1aNkM4tE8h0JH3i36+ROpGKv9UtVnd
	4w62Kg/3s7oA3uyTdAZeMu0lswe+UknHJZubCmC80tIG5wXGDmimVdM3X9BO+GjlQrU9
	qePfCGlN5XRvlFroNMCuzcU0OdlglFDZG32pc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:references;
	b=Xa47w2huNuffaVXW5tyCbhlcRMThvqWlGO6keFE46fdh1yDtfu5ox0+CVqVCysol3f
	HgHN0ekSR+ZsayS6j6q3jiFVZlagZhJrg3e0yHMJVgfijFuQEPQfUpYjA6KAbmJPSSdi
	FGJGXhi7ZjYtNG80I/DerZPbU1Hq6HHoFu0gQ=
Received: by 10.86.79.19 with SMTP id c19mr2574657fgb.67.1221864691356;
	Fri, 19 Sep 2008 15:51:31 -0700 (PDT)
Received: by 10.86.62.1 with HTTP; Fri, 19 Sep 2008 15:51:31 -0700 (PDT)
Message-ID: <bb4a86c70809191551y774c233g5e664c431be62a50@mail.gmail.com>
Date: Fri, 19 Sep 2008 15:51:31 -0700
From: "Maksim Yevmenkin" <maksim.yevmenkin@gmail.com>
To: "Alexey Shuvaev" <shuvaev@physik.uni-wuerzburg.de>
In-Reply-To: <bb4a86c70809191543y7f3d38ex73c48186dfd163c5@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_1383_28216885.1221864691344"
References: <48D2F942.4070801@FreeBSD.org>
	<20080919084201.GD44330@wep4035.physik.uni-wuerzburg.de>
	<48D38DFF.8000803@FreeBSD.org>
	<20080919203310.GA34131@localhost.my.domain>
	<bb4a86c70809191543y7f3d38ex73c48186dfd163c5@mail.gmail.com>
Cc: freebsd-current@freebsd.org
Subject: Re: Interface auto-cloning bug or feature?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Sep 2008 22:51:34 -0000

------=_Part_1383_28216885.1221864691344
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Fri, Sep 19, 2008 at 3:43 PM, Maksim Yevmenkin
<maksim.yevmenkin@gmail.com> wrote:
> [....]
>
>>> That what has caused me to look into this issue. You can find patch for
>>> security/vpnc to prevent unbounded interface cloning here:
>>>
>>> http://sobomax.sippysoft.com/~sobomax/vpnc.diff
>>>
>> Ok, the patch prevents interface cloning, but I think it doesn't solve
>> the actual problem.
>> Let's wait for Maksim :)
>
> ok, how about attached patch. i put it together *very* quickly and
> only gave it a light testing. its for tap(4), because i could compile
> it as a module and tun(4) is compiled into kernel by default, but the
> idea should identical for tun(4). should be even simpler for tun(4)
> because it does not have to deal with 2 kind of devices (i.e. tap and
> vmnet). give it a try, and see if it works. please try both cloning
> paths, i.e.
>
> 1) cat /dev/tap (/dev/vmnet) with and/or without unit number
>
> and
>
> 2) ifconfig tapX (vmnetX) create/destroy
>
> in the mean time i will prepare something similar for tun(4).

attached is similar patch for tun(4). i only made sure it compiles :)
rebuilding kernel now...

thanks,
max

------=_Part_1383_28216885.1221864691344
Content-Type: text/plain; name=if_tun.c.diff.txt
Content-Transfer-Encoding: base64
X-Attachment-Id: f_flbenwdo1
Content-Disposition: attachment; filename=if_tun.c.diff.txt

LS0tIGlmX3R1bi5jLm9yaWcJMjAwOC0wNi0yMCAxNjo0NTowNy4wMDAwMDAwMDAgLTA3MDAKKysr
IGlmX3R1bi5jCTIwMDgtMDktMTkgMTU6NDc6NTUuMDAwMDAwMDAwIC0wNzAwCkBAIC0xMjksNiAr
MTI5LDcgQEAKIAkJICAgIHN0cnVjdCBydGVudHJ5ICpydCk7CiBzdGF0aWMgdm9pZAl0dW5zdGFy
dChzdHJ1Y3QgaWZuZXQgKik7CiAKK3N0YXRpYyBpbnQJdHVuX2Nsb25lX2xvb2t1cChzdHJ1Y3Qg
Y2RldiAqKik7CiBzdGF0aWMgaW50CXR1bl9jbG9uZV9jcmVhdGUoc3RydWN0IGlmX2Nsb25lICos
IGludCwgY2FkZHJfdCk7CiBzdGF0aWMgdm9pZAl0dW5fY2xvbmVfZGVzdHJveShzdHJ1Y3QgaWZu
ZXQgKik7CiAKQEAgLTE3NCw2ICsxNzUsMjggQEAKIH07CiAKIHN0YXRpYyBpbnQKK3R1bl9jbG9u
ZV9sb29rdXAoc3RydWN0IGNkZXYgKipkZXYpCit7CisJc3RydWN0IHR1bl9zb2Z0YyAqdHA7CisK
KwltdHhfbG9jaygmdHVubXR4KTsKKwlUQUlMUV9GT1JFQUNIKHRwLCAmdHVuaGVhZCwgdHVuX2xp
c3QpIHsKKwkJbXR4X2xvY2soJnRwLT50dW5fbXR4KTsKKwkJaWYgKCh0cC0+dHVuX2ZsYWdzICYg
VFVOX09QRU4pID09IDApIHsKKwkJCSpkZXYgPSB0cC0+dHVuX2RldjsKKwkJCW10eF91bmxvY2so
JnRwLT50dW5fbXR4KTsKKwkJCW10eF91bmxvY2soJnR1bm10eCk7CisKKwkJCXJldHVybiAoMSk7
CisJCX0KKwkJbXR4X3VubG9jaygmdHAtPnR1bl9tdHgpOworCX0KKwltdHhfdW5sb2NrKCZ0dW5t
dHgpOworCisJcmV0dXJuICgwKTsKK30KKworc3RhdGljIGludAogdHVuX2Nsb25lX2NyZWF0ZShz
dHJ1Y3QgaWZfY2xvbmUgKmlmYywgaW50IHVuaXQsIGNhZGRyX3QgcGFyYW1zKQogewogCXN0cnVj
dCBjZGV2ICpkZXY7CkBAIC0yMTMsNiArMjM2LDExIEBACiAJCXJldHVybjsKIAogCWlmIChzdHJj
bXAobmFtZSwgVFVOTkFNRSkgPT0gMCkgeworCQlpZiAodHVuX2Nsb25lX2xvb2t1cChkZXYpKSB7
CisJCQlkZXZfcmVmKCpkZXYpOworCQkJcmV0dXJuOworCQl9CisKIAkJdSA9IC0xOwogCX0gZWxz
ZSBpZiAoZGV2X3N0ZGNsb25lKG5hbWUsIE5VTEwsIFRVTk5BTUUsICZ1KSAhPSAxKQogCQlyZXR1
cm47CS8qIERvbid0IHJlY29nbmlzZSB0aGUgbmFtZSAqLwo=
------=_Part_1383_28216885.1221864691344--