Date: Fri, 19 Sep 2008 15:51:31 -0700
From: "Maksim Yevmenkin" <maksim.yevmenkin@gmail.com>
To: "Alexey Shuvaev" <shuvaev@physik.uni-wuerzburg.de>
Cc: freebsd-current@freebsd.org
Subject: Re: Interface auto-cloning bug or feature?
Message-ID: <bb4a86c70809191551y774c233g5e664c431be62a50@mail.gmail.com>
In-Reply-To: <bb4a86c70809191543y7f3d38ex73c48186dfd163c5@mail.gmail.com>
References: <48D2F942.4070801@FreeBSD.org> <20080919084201.GD44330@wep4035.physik.uni-wuerzburg.de> <48D38DFF.8000803@FreeBSD.org> <20080919203310.GA34131@localhost.my.domain> <bb4a86c70809191543y7f3d38ex73c48186dfd163c5@mail.gmail.com>

On Fri, Sep 19, 2008 at 3:43 PM, Maksim Yevmenkin <maksim.yevmenkin@gmail.com> wrote:
> [....]
>
>>> That is what has caused me to look into this issue. You can find patch for
>>> security/vpnc to prevent unbounded interface cloning here:
>>>
>>> http://sobomax.sippysoft.com/~sobomax/vpnc.diff
>>>
>> Ok, the patch prevents interface cloning, but I think it doesn't solve
>> the actual problem.
>> Let's wait for Maksim :)
>
> ok, how about attached patch. i put it together *very* quickly and
> only gave it a light testing. it's for tap(4), because i could compile
> it as a module and tun(4) is compiled into kernel by default, but the
> idea should be identical for tun(4). should be even simpler for tun(4)
> because it does not have to deal with 2 kinds of devices (i.e. tap and
> vmnet). give it a try, and see if it works. please try both cloning
> paths, i.e.
>
> 1) cat /dev/tap (/dev/vmnet) with and/or without unit number
>
> and
>
> 2) ifconfig tapX (vmnetX) create/destroy
>
> in the meantime i will prepare something similar for tun(4).

attached is similar patch for tun(4). i only made sure it compiles :)
rebuilding kernel now...

thanks,
max

[attachment: if_tun.c.diff.txt]