When an interface is moving to/from jail, it is still attached to bpf
and the consumers, tcpdump(1) e.g., do not get noticed. That is
counterintuitive and may leak informations ( sniffer traffic in parent
jail/vnet ).
MFC after: 1 week
Details
Details
One session:
# tcpdump -nvi cxl0 tcpdump: listening on cxl0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Another session:
# jail -ic vnet persist 1 # ifconfig cxl0 vnet 1
On first session
tcpdump: pcap_loop: The interface disappeared 0 packets captured 0 packets received by filter 0 packets dropped by kernel
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
You probably can directly call similar to bpf_ifdetach() function from if_vmove(). It is called from ioctl context, so you can make detaching synchronously.
Comment Actions
I've ever considered that approach, and finally chose this, the even handler. The latter is self constrained and loosely coupled, although with a little overhead of brainpower.
| sys/net/bpf.c | ||
|---|---|---|
| 3146 | Shouldn't whitespace adjustments be their own commit? | |
| sys/net/bpf.c | ||
|---|---|---|
| 3146 | Yeah, actually this drives me to do 1baf6164e4d6 (bpf: Some style and white space cleanup), which includes this whitespace adjustment. | |
Comment Actions
Think it twice, it is straight forward to synchronously detach the BPF descriptors. The logic is also simpler.