Page MenuHomeFreeBSD

pf: Handle if_groups with the same name as interfaces
AbandonedPublic

Authored by kp on Aug 19 2015, 9:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 20 2023, 1:03 AM
Unknown Object (File)
Oct 15 2023, 6:44 AM
Unknown Object (File)
Jul 29 2023, 11:51 PM
Unknown Object (File)
Jun 24 2023, 5:05 PM
Unknown Object (File)
May 5 2023, 4:50 AM
Unknown Object (File)
Feb 21 2023, 11:12 PM
Unknown Object (File)
Feb 17 2023, 2:34 AM
Unknown Object (File)
Dec 31 2022, 10:36 AM
Subscribers

Details

Reviewers
eri
Group Reviewers
network
Summary

pf allows network interfaces and groups to be used interchangeably. They don't
share a namespace so it's possible for an interface and a group to have the same
name.

If that happens we recurse infinitely in pfi_kif_update() because the pfi_kif is
both an interface and a group. That means that the kif is a member of itself.

Simply checking that we're not calling pfi_kif_update() on the current pfi_kif
fixes the panic.

PR: 127042, 202178

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kp retitled this revision from to pf: Handle if_groups with the same name as interfaces.
kp updated this object.
kp edited the test plan for this revision. (Show Details)
kp set the repository for this revision to rS FreeBSD src repository - subversion.
eri requested changes to this revision.Aug 25 2015, 5:26 PM
eri edited edge metadata.

I do not think this is the root cause for this, it just hides another issue.
I think that the result of RB_INSERT should be checked when a group/iface is created should be tested.
If that returns NULL the result should be null.

To me it is not good to have this weirdness in the configuration and nevertheless allow that.

This revision now requires changes to proceed.Aug 25 2015, 5:26 PM

I'll post a patch with an alternative approach: change the network stack to put ifgroup and interface names in the same namespace.